cleantalk
Vulnerabilities and Security Researches

Appointment Hour Booking – WordPress Booking Plugin, CVE-2022-4035

CVE, Research URL

CVE-2022-4035

Home page URL

Security reports for Appointment Hour Booking – WordPress Booking Plugin

Application

Appointment Hour Booking – WordPress Booking Plugin

Published on
Nov 30, 2022
Research Description
The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This makes it possible for unauthenticated attackers to inject iFrames when submitting a booking that will execute whenever a user accesses the injected booking details page.
Affected versions
max 1.3.73.
Status
vulnerable
Previous vulnerability researches
Appointment Hour Booking – WordPress Booking Plugin (CVE-2023-45649) , Mar 21, 2025
Appointment Hour Booking – WordPress Booking Plugin (CVE-2021-24712) , Jun 06, 2024
Appointment Hour Booking – WordPress Booking Plugin (CVE-2022-4036) , Jun 06, 2024
Appointment Hour Booking – WordPress Booking Plugin (CVE-2019-13505) , Jun 06, 2024
Appointment Hour Booking – WordPress Booking Plugin (CVE-2022-1710) , Jun 06, 2024
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026