CVE-2022-4034EPSS p44.7%

CVE-2022-4034CVE-2022-4034

dwbooster / appointment_hour_booking

Description

The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.

Scoring

CVSS 5.8 ()
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS0.61% probability of exploitation · percentile 44.7% · 2026-06-19T12:03:05Z
Last modified2026-06-17
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.