2 matches found
CVE-2025-7689
creationtimestamp| type| source ---|---|--- 2025-07-29 10:34:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lv3vudaiai2t...
CVE-2025-7689 Hydra Booking 1.1.0 - 1.1.18 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via tfhb_reset_password_callback Function
The Hydra Booking plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the tfhbresetpasswordcallback function in versions 1.1.0 to 1.1.18. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the password o...