CVSS base score: 5.3
CVE-2022-4036
- EPSS 0.08%
- Published 29.11.2022 21:15:12
- Last modified 21.11.2024 07:34:29
- Source security@wordfence.com
Appointment Hour Booking <= 1.3.72 - CAPTCHA Bypass
The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of an insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie.
Possible mitigation
Appointment Hour Booking – Booking Calendar: Update to version 1.3.73, or a newer patched version
Further vulnerability information
- System: WordPress Plugin
- Product: Appointment Hour Booking – Booking Calendar
- Version: *-1.3.72
Data provided by the National Vulnerability Database (NVD)
Dwbooster ≫ Appointment Hour Booking, SwPlatform: wordpress, Version <= 1.3.72
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.233 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| security@wordfence.com | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |

CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.