CVE Vulnerability

CVE-2022-4036

The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie.

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4036 Third Party Advisory
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2803896%40appointment-hour-booking&new=2803896%40appointment-hour-booking&sfp_email=&sfph_mail= Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:dwbooster:appointment_hour_booking:*:*:*:*:*:wordpress:*:*
Information

Published : 2022-11-29 09:15

Updated : 2022-12-01 09:51

NVD link : CVE-2022-4036

Mitre link : CVE-2022-4036

Products Affected
No products.
CWE
CWE-863