31 matches found
WordPress Bookit < 2.5.1 - Unauthenticated Stripe Settings Update
Bookit WordPress plugin 2.5.1 contains a broken access control vulnerability caused by a publicly accessible REST endpoint allowing unauthenticated update of Stripe payment options, letting remote attackers modify payment settings without authentication. id: CVE-2025-12841 info: name: WordPress...
CVE-2026-40780 WordPress BookIt plugin < 2.5.4.1 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1...
WordPress BookIt plugin <= 2.5.1 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by davidfdzmorilla in WordPress Plugin BookIt versions <= 2.5.1...
WordPress Bookit plugin < 2.5.1 - Unauthenticated Settings Update vulnerability
Unauthenticated Settings Update vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin BookIt versions < 2.5.1...
CVE-2025-12841
The Bookit WordPress plugin before 2.5.1 has a publicly accessible REST endpoint that allows unauthenticated update of the plugin's Stripe payment options...
CVE-2025-12841
CVE-2025-12841 affects the WordPress plugin Bookit. Prior to version 2.5.1, it exposes a publicly accessible REST endpoint that allows unauthenticated updates to the plugin’s Stripe payment options. Exposure stems from missing authorization on REST endpoints. The vulnerability is documented acro...
CVE-2025-12841 Bookit < 2.5.1 – Unauthenticated Settings Update
The Bookit WordPress plugin before 2.5.1 has a publicly accessible REST endpoint that allows unauthenticated update of the plugin's Stripe payment options...
WordPress plugin Bookit security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
WordPress BookIt plugin <= 2.5.0 - Missing Authorization to Unauthenticated Stripe Connection vulnerability
Missing Authorization to Unauthenticated Stripe Connection vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin BookIt versions <= 2.5.0...
WordPress plugin Booking Calendar | Appointment Booking | Bookit security vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
WordPress plugin WPBookit code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
CVE-2023-2834
The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as a...
CVE-2024-24715 WordPress BookIt Plugin <= 2.4.0 - Price Bypass Vulnerability
Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields. This issue affects BookIt: from n/a through 2.4.0...
WordPress BookIt Plugin <= 2.4.0 is vulnerable to Bypass Vulnerability
Software: BookIt; Type: Plugin; Vulnerable versions: <= 2.4.0; Fixed in: 2.4.2; OWASP Top 10: A1: Broken Access Control; Classification: Bypass Vulnerability; CVE: CVE-2024-24715; Patch priority: Low; CVSS severity: Low 6.5; Developer: Liquid Web / StellarWP; PSID: 799e8bdab70a; Credits: Debangshu Kundu & Arpeet Rathi...
CVE-2023-50852
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in StylemixThemes Booking Calendar | Appointment Booking | BookIt. This issue affects Booking Calendar | Appointment Booking | BookIt: from n/a through 2.4.3...
CVE-2023-50852 WordPress BookIt Plugin <= 2.4.3 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in StylemixThemes Booking Calendar | Appointment Booking | BookIt. This issue affects Booking Calendar | Appointment Booking | BookIt: from n/a through 2.4.3...
WordPress BookIt Plugin < 2.4.0 is vulnerable to Cross Site Scripting (XSS)
Software: BookIt; Type: Plugin; Vulnerable versions: < 2.4.0; Fixed in: 2.4.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Liquid Web / StellarWP; PSID: 6ec153a6ea5e; Credits: Rafie Muhammad Patchstack; Required...