5 matches found
CVE-2025-3811
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email through the editnewdatacustomercallback function...
CVE-2025-3811
creationtimestamp| type| source ---|---|--- 2025-05-09 02:25:31+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/15656 2025-05-09 04:41:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lopmefntwq2p 2025-05-09 05:01:06+00:00| seen|...
CVE-2025-3811
CVE-2025-3811 (WPBookit) affects the WordPress plugin WPBookit in all versions up to 1.0.2. The issue is an authentication/identity validation flaw in edit_newdata_customer_callback() that allows an unauthenticated attacker to change arbitrary users’ emails (including administrators), enabling pa...
CVE-2025-3811 WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email through the editnewdatacustomercallback function...
CVE-2025-3811 WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email through the editnewdatacustomercallback function...