Vulnerabilities > Dwbooster > Appointment Hour Booking > 1.3.38

DATE CVE VULNERABILITY TITLE RISK
2022-11-18 CVE-2022-41692 Missing Authorization vulnerability in Dwbooster Appointment Hour Booking
Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress.
network
low complexity
dwbooster CWE-862
8.8
2022-06-13 CVE-2022-1710 Cross-site Scripting vulnerability in Dwbooster Appointment Hour Booking
The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
network
dwbooster CWE-79
3.5