5.3

CVE-2022-4036

Appointment Hour Booking <= 1.3.72 - CAPTCHA Bypass

The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of an insufficiently strong hashing algorithm on the CAPTCHA secret, which is also exposed to the user via a cookie.
Possible mitigation
Appointment Hour Booking – Booking Calendar: Update to version 1.3.73, or a newer patched version
Data provided by the National Vulnerability Database (NVD)
Dwbooster Appointment Hour Booking, SwPlatform: wordpress, Version <= 1.3.72
Further vulnerability information
System: WordPress Plugin
Product: Appointment Hour Booking – Booking Calendar
Version *-1.3.72
No warning was found for this CVE.
EPSS metrics
Type Source Score Percentile
EPSS FIRST.org 0.44% 0.347
CVSS metrics
Source Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
security@wordfence.com 5.3 3.9 1.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

CWE-804 Guessable CAPTCHA

The product uses a CAPTCHA challenge, but the challenge can be guessed or automatically recognized by a non-human actor.

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2803896%40appointment-hour-booking&new=2803896%40appointment-hour-booking&sfp_email=&sfph_mail=
Patch
Third Party Advisory
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4036
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/f62d28bd-fa33-4f0b-a116-5aacc05bfa3a?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/f62d28bd-fa33-4f0b-a116-5aacc05bfa3a
Third Party Advisory