5 matches found
WordPress Bookit < 2.5.1 - Unauthenticated Stripe Settings Update
Bookit WordPress plugin 2.5.1 contains a broken access control vulnerability caused by a publicly accessible REST endpoint allowing unauthenticated update of Stripe payment options, letting remote attackers modify payment settings without authentication. id: CVE-2025-12841 info: name: WordPress...
CVE-2025-12841
creationtimestamp| type| source ---|---|--- 2025-12-12 11:13:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m7rxhk2xat2m 2025-12-12 11:15:55+00:00| seen| https://gist.github.com/Darkcrai86/ec7dbbcd699e57c904499a621ce6f55d 2025-12-12 11:39:49+00:00| seen|...
CVE-2025-12841 Bookit < 2.5.1 – Unauthenticated Settings Update
The Bookit WordPress plugin before 2.5.1 has a publicly accessible REST endpoint that allows unauthenticated update of the plugins Stripe payment options...
EUVD-2025-12841
Malicious code in bioql PyPI...
Oracle Linux 9 : gdk-pixbuf2 (ELSA-2025-12841)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-12841 advisory. - Backport fixes for CVE-2025-7345 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...