cleantalk
Vulnerabilities and Security Researches

Appointment Hour Booking – WordPress Booking Plugin, CVE-2022-4036

CVE, Research URL

CVE-2022-4036

Home page URL

Security reports for Appointment Hour Booking – WordPress Booking Plugin

Application

Appointment Hour Booking – WordPress Booking Plugin

Published on
Nov 30, 2022
Research Description
The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie.
Affected versions
max 1.3.73.
Status
vulnerable
Previous vulnerability researches
Appointment Hour Booking – WordPress Booking Plugin (CVE-2023-45649) , Mar 21, 2025
Appointment Hour Booking – WordPress Booking Plugin (CVE-2021-24712) , Jun 06, 2024
Appointment Hour Booking – WordPress Booking Plugin (CVE-2022-4036) , Jun 06, 2024
Appointment Hour Booking – WordPress Booking Plugin (CVE-2019-13505) , Jun 06, 2024
Appointment Hour Booking – WordPress Booking Plugin (CVE-2022-1710) , Jun 06, 2024
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026