The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.0003
Percentile: 0.06644

CVSS Scoring

Mapped CWE(s)

• CWE-326 : Inadequate Encryption Strength

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

• T1110 : Brute Force
  Kill Chain: credential-access

Malware

APTs Threat Group Associations

Campaigns

Affected Products

• cpe:2.3:a:dwbooster:appointment_hour_booking:*:*:*:*:*:wordpress:*:*

← Back to Home