Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2025/07/04 1:44 a.m.5 views

CVE-2025-6814 Booking X 1.0 - 1.1.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via export_now() Function

The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportnow function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts, user meta, and PayPal...

7.5CVSS7AI score0.00378EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/07/04 1:44 a.m.13 views

CVE-2025-6814 Booking X 1.0 - 1.1.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via export_now() Function

The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportnow function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts, user meta, and PayPal...

7.5CVSS0.00378EPSS
Exploits0References4
CVE
CVE
added 2025/07/04 1:44 a.m.37 views

CVE-2025-6814

CVE-2025-6814 affects Booking X for WordPress (versions 1.0–1.1.2). The root cause is a missing capability check in export_now(), allowing unauthenticated attackers to download all plugin data (including user accounts, user meta, and PayPal credentials) via a crafted POST request. Public details ...

7.5CVSS6.4AI score0.00378EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/07/03 11:18 p.m.11 views

WordPress Booking X plugin 1.0-1.1.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by kr0d in WordPress Plugin Booking X versions 1.0-1.1.2...

7.5CVSS6.3AI score0.00378EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder