Home > Vulnerability Database > CVE-2022-4034

Mend.io Vulnerability Database

CVE-2022-4034

Good to know:

Date: November 29, 2022

The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.

Language: PHP

Severity Score

7.8

Related Resources (4)

Url: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2803896%40appointment-hour-booking&new=2803896%40appointment-hour-booking&sfp_email=&sfph_mail=

Url: https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4034

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-4034

Url: https://www.mend.io/vulnerability-database/CVE-2022-4034

Severity Score

7.8

Weakness Type (CWE)

Improper Neutralization of Formula Elements in a CSV File

CWE-1236

Top Fix

Upgrade Version

Upgrade to version 1.3.73

Learn More

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-4034

Good to know:

Date: November 29, 2022

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?