PT-2022-25353 · WordPress · Appointment Hour Booking Plugin

Andreas Krüger +1 · Published 2022-11-29 · Updated 2022-12-02 · CVE-2022-4034

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Appointment Hour Booking Plugin for WordPress versions up to, and including, 1.3.72

Description

The issue allows unauthenticated attackers to embed untrusted input into content during booking creation, which may be exported as a CSV file when a site's administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.

Recommendations

For versions up to, and including, 1.3.72, update to a version later than 1.3.72 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.
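
A check an administrator can run on an exported bookings CSV before opening it, given as an added example that is not code from the plugin or from this advisory. It assumes the untrusted input is spreadsheet formula content, so it flags and neutralizes cells starting with a formula trigger character; the trigger list, function names and sample data are constructed for illustration.

```python
import csv
import io

# Assumption: leading characters a spreadsheet application may treat as the
# start of a formula (the set commonly used for CSV export hardening).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_risky(cell: str) -> bool:
    """True if a spreadsheet could evaluate the cell instead of showing it."""
    return cell.startswith(FORMULA_TRIGGERS)


def neutralize(cell: str) -> str:
    """Prefix risky cells with a single quote so they load as plain text."""
    # Trade-off: legitimate values such as "+49 30 1234" are prefixed too.
    return "'" + cell if is_risky(cell) else cell


def scan_export(csv_text: str):
    """Return (row, column, value) for every risky cell, 1-indexed."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        for c, cell in enumerate(row, start=1):
            if is_risky(cell):
                hits.append((r, c, cell))
    return hits


def sanitize_export(csv_text: str) -> str:
    """Rewrite the export with every field quoted and risky cells neutralized."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in csv.reader(io.StringIO(csv_text)):
        writer.writerow([neutralize(cell) for cell in row])
    return out.getvalue()


# Constructed sample export (not real plugin output): header plus three bookings.
SAMPLE = (
    "name,email,comment\n"
    "Alice,alice@example.com,See you at 10\n"
    'Bob,bob@example.com,"=1+1"\n'
    '"@SUM(A1)",carol@example.com,-\n'
)

if __name__ == "__main__":
    for hit in scan_export(SAMPLE):
        print("risky cell at row %d, column %d: %r" % hit)
```

Applying the same neutralization on the server when the CSV is generated covers every administrator who downloads an export, while this script only protects the person who runs it.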

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2022-4034

Affected Products

Appointment Hour Booking Plugin