57 matches found
WordPress Bookit < 2.5.1 - Unauthenticated Stripe Settings Update
Bookit WordPress plugin 2.5.1 contains a broken access control vulnerability caused by a publicly accessible REST endpoint allowing unauthenticated update of Stripe payment options, letting remote attackers modify payment settings without authentication. id: CVE-2025-12841 info: name: WordPress...
CVE-2026-40780
Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1...
CVE-2026-40780
Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1...
CVE-2026-40780
CVE-2026-40780 (WordPress BookIt plugin) : Affected product is the BookIt plugin (Liquid Web / StellarWP) for WordPress. The vulnerability is a broken authentication/password-recovery bypass via an alternate path or channel, enabling password recovery exploitation. Affects BookIt versions prior t...
CVE-2026-40780 WordPress BookIt plugin < 2.5.4.1 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1...
CVE-2026-40780
Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1...
CVE-2026-40780 WordPress BookIt plugin < 2.5.4.1 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1...
EUVD-2026-33948
Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1...
PT-2026-45779
Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1...
WordPress BookIt plugin <= 2.5.1 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by davidfdzmorilla in WordPress Plugin BookIt versions = 2.5.1...
WordPress Bookit plugin < 2.5.1 - Unauthenticated Settings Update vulnerability
Unauthenticated Settings Update vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin BookIt versions 2.5.1...
CVE-2025-12841
The Bookit WordPress plugin before 2.5.1 has a publicly accessible REST endpoint that allows unauthenticated update of the plugins Stripe payment options...
CVE-2025-12841
The Bookit WordPress plugin before 2.5.1 has a publicly accessible REST endpoint that allows unauthenticated update of the plugins Stripe payment options...
CVE-2025-12841
CVE-2025-12841 affects the WordPress plugin Bookit . Prior to version 2.5.1, it exposes a publicly accessible REST endpoint that allows unauthenticated updates to the plugin’s Stripe payment options. Exposure stems from missing authorization on REST endpoints. The vulnerability is documented acro...
CVE-2025-12841 Bookit < 2.5.1 – Unauthenticated Settings Update
The Bookit WordPress plugin before 2.5.1 has a publicly accessible REST endpoint that allows unauthenticated update of the plugins Stripe payment options...
CVE-2025-12841 Bookit < 2.5.1 – Unauthenticated Settings Update
The Bookit WordPress plugin before 2.5.1 has a publicly accessible REST endpoint that allows unauthenticated update of the plugins Stripe payment options...
EUVD-2025-203065
The Bookit WordPress plugin before 2.5.1 has a publicly accessible REST endpoint that allows unauthenticated update of the plugins Stripe payment options...
WordPress plugin Bookit 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
PT-2025-50919
Name of the Vulnerable Software and Affected Versions Bookit WordPress plugin versions prior to 2.5.1 Description The Bookit WordPress plugin contains a publicly accessible REST endpoint that allows unauthenticated modification of the plugin's Stripe payment settings. This allows attackers to alt...
CVE-2025-12633
CVE-2025-12633 : The Booking Calendar | Appointment Booking | Bookit plugin for WordPress is vulnerable due to a missing capability check on the REST endpoint /wp-json/bookit/v1/commerce/stripe/return, affecting all versions up to and including 2.5.0. This allows unauthenticated attackers to conn...