Lucene search
K

134 matches found

NVD
NVD
added 2026/01/02 6:15 a.m.3 views

CVE-2025-12685

The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when deleting customers. This could allow an unauthenticated attacker to delete any customer through a CSRF attack...

6.5CVSS0.00136EPSS
Exploits0References1
CVE
CVE
added 2026/01/02 6:0 a.m.15 views

CVE-2025-12685

CVE-2025-12685 affects the WPBookit WordPress plugin up to version 1.0.7 and arises from a missing CSRF check when deleting customers, potentially enabling an unauthenticated attacker to delete any customer via CSRF. Public sources consistently describe WPBookit

6.5CVSS6.4AI score0.00136EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/02 6:0 a.m.3 views

CVE-2025-12685 WPBookit <= 1.0.7 - Customer Deletion via CSRF

The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when deleting customers. This could allow an unauthenticated attacker to delete any customer through a CSRF attack...

6.4AI score0.00136EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/02 6:0 a.m.26 views

CVE-2025-12685 WPBookit <= 1.0.7 - Customer Deletion via CSRF

The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when deleting customers. This could allow an unauthenticated attacker to delete any customer through a CSRF attack...

0.00136EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/02 12:0 a.m.4 views

WordPress plugin WPBookit 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

6.5CVSS6.3AI score0.00136EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.3 views

PT-2026-1050

Name of the Vulnerable Software and Affected Versions WPBookit versions through 1.0.7 Description The WPBookit WordPress plugin does not properly validate Cross-Site Request Forgery CSRF tokens when deleting customer data. This allows an attacker, without needing to be logged in, to delete any...

6.5CVSS6.4AI score0.00136EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.8 views

WordPress WPBookit plugin <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update vulnerability

Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update vulnerability discovered by kr0d in WordPress Plugin WPBookit versions = 1.0.2...

9.8CVSS5.9AI score0.00634EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/24 8:13 a.m.4 views

WordPress WPBookit plugin <= 1.0.6 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Ryan Kozak in WordPress Plugin WPBookit versions = 1.0.6...

7.2CVSS5.8AI score0.00256EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/22 8:35 a.m.8 views

CVE-2025-12135

The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csscode' parameter in all versions up to, and including, 1.0.6 due to a missing capability check on the savecustomecode function. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS4.7AI score0.00256EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/21 9:30 a.m.5 views

EUVD-2025-198406

The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csscode' parameter in all versions up to, and including, 1.0.6 due to a missing capability check on the savecustomecode function. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS4.3AI score0.00256EPSS
Exploits0References9
NVD
NVD
added 2025/11/21 8:15 a.m.4 views

CVE-2025-12135

The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csscode' parameter in all versions up to, and including, 1.0.6 due to a missing capability check on the savecustomecode function. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS0.00256EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/11/21 7:31 a.m.8 views

CVE-2025-12135 WPBookit <= 1.0.6 - Unauthenticated Stored Cross-Site Scripting

The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csscode' parameter in all versions up to, and including, 1.0.6 due to a missing capability check on the savecustomecode function. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS0.00256EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/11/21 12:0 a.m.3 views

WordPress plugin WPBookit 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

7.2CVSS5.7AI score0.00256EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/11/21 12:0 a.m.5 views

PT-2025-47691

Name of the Vulnerable Software and Affected Versions WPBookit versions up to and including 1.0.6 Description The WPBookit plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to a missing capability check on the save custome code function, allowing unauthenticated...

7.2CVSS5.5AI score0.00256EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-21200

Malicious code in bioql PyPI...

8.8CVSS6.4AI score0.00642EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-1626

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01061EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-7716

Malicious code in bioql PyPI...

7.1CVSS9.2AI score0.00132EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-52405

Malicious code in bioql PyPI...

9.8CVSS9AI score0.00609EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-9797

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00425EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/07/26 4:31 a.m.11 views

CVE-2025-7852

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the imageuploadhandle function hooked via the 'addnewcustomer' route in all versions up to, and including, 1.0.6. The plugin’s image‐upload handler calls moveuploadedfile on...

9.8CVSS7.6AI score0.01207EPSS
Exploits1References1
Rows per page
Query Builder