dwbooster CVE Vulnerabilities & Metrics

Focus on dwbooster vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About dwbooster Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with dwbooster. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total dwbooster CVEs: 15
Earliest CVE date: 11 Jul 2019, 13:15 UTC
Latest CVE date: 06 Oct 2023, 15:15 UTC

Latest CVE reference: CVE-2023-41732

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical dwbooster CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.29

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	11
4.0-6.9	3
7.0-8.9	1
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS dwbooster CVEs

These are the five CVEs with the highest CVSS scores for dwbooster, sorted by severity first and recency.

CVE-2022-1692 dwbooster Published on 08 Jun 2022, 10:15 UTC (CVSS: 7.5)
The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embed, allowing unauthenticated users to perform an SQL injection attack
CVE-2021-24498 dwbooster Published on 02 Aug 2021, 11:15 UTC (CVSS: 4.3)
The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue.
CVE-2017-18579 dwbooster Published on 22 Aug 2019, 20:15 UTC (CVSS: 4.3)
The corner-ad plugin before 1.0.8 for WordPress has XSS.
CVE-2019-13505 dwbooster Published on 11 Jul 2019, 13:15 UTC (CVSS: 4.3)
The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1.
CVE-2022-1710 dwbooster Published on 13 Jun 2022, 13:15 UTC (CVSS: 3.5)
The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.

All CVEs for dwbooster

CVE-2023-41732 dwbooster vulnerability CVSS: 0 06 Oct 2023, 15:15 UTC

Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Blocks plugin <= 1.0.20 versions.

CVE-2022-3427 dwbooster vulnerability CVSS: 0 15 Dec 2022, 19:15 UTC

The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.56. This is due to missing or incorrect nonce validation on its corner_ad_settings_page function. This makes it possible for unauthenticated attackers to trigger the deletion of ads via forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2022-4036 dwbooster vulnerability CVSS: 0 29 Nov 2022, 21:15 UTC

The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie.

CVE-2022-4035 dwbooster vulnerability CVSS: 0 29 Nov 2022, 21:15 UTC

The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This makes it possible for unauthenticated attackers to inject iFrames when submitting a booking that will execute whenever a user accesses the injected booking details page.

CVE-2022-4034 dwbooster vulnerability CVSS: 0 29 Nov 2022, 21:15 UTC

The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.

CVE-2022-41692 dwbooster vulnerability CVSS: 0 18 Nov 2022, 19:15 UTC

Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress.

CVE-2022-2846 dwbooster vulnerability CVSS: 0 16 Aug 2022, 19:15 UTC

The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and put Cross-Site Scripting payloads in it.

CVE-2022-1710 dwbooster vulnerability CVSS: 3.5 13 Jun 2022, 13:15 UTC

The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.

CVE-2022-1692 dwbooster vulnerability CVSS: 7.5 08 Jun 2022, 10:15 UTC

The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embed, allowing unauthenticated users to perform an SQL injection attack

CVE-2022-0448 dwbooster vulnerability CVSS: 3.5 07 Mar 2022, 09:15 UTC

The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its "License ID" settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.

CVE-2021-24712 dwbooster vulnerability CVSS: 3.5 11 Oct 2021, 11:15 UTC

The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars.

CVE-2021-24673 dwbooster vulnerability CVSS: 3.5 04 Oct 2021, 12:15 UTC

The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

CVE-2021-24498 dwbooster vulnerability CVSS: 4.3 02 Aug 2021, 11:15 UTC

The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue.

CVE-2017-18579 dwbooster vulnerability CVSS: 4.3 22 Aug 2019, 20:15 UTC

The corner-ad plugin before 1.0.8 for WordPress has XSS.

CVE-2019-13505 dwbooster vulnerability CVSS: 4.3 11 Jul 2019, 13:15 UTC

The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1.