4 matches found
CVE-2025-6814
The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportnow function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts, user meta, and PayPal...
CVE-2025-6814 Booking X 1.0 - 1.1.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via export_now() Function
The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportnow function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts, user meta, and PayPal...
CVE-2025-6814
CVE-2025-6814 affects Booking X for WordPress (versions 1.0–1.1.2). The root cause is a missing capability check in export_now(), allowing unauthenticated attackers to download all plugin data (including user accounts, user meta, and PayPal credentials) via a crafted POST request. Public details ...
PT-2025-27855 · WordPress · Booking X
Name of the Vulnerable Software and Affected Versions: Booking X plugin for WordPress versions 1.0 through 1.1.2 Description: The issue allows unauthorized access to data due to a missing capability check on the export now function. This enables unauthenticated attackers to download all plugin...