Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total3
Critical1
High1
Medium1
Reset
Showing 1-3 of 3 records
Threat Entry Updated 2025-12-12

CVE-2025-12841 - Bookit Plugin

The Bookit WordPress plugin before 2.5.1 has a publicly accessible REST endpoint that allows unauthenticated update of the plugins Stripe payment options.

PLUGIN Bookit

CVE-2025-12841

MEDIUM CVSS 5.3 2025-12-12
Open Full Technical Breakdown
Threat Entry Updated 2025-11-12

CVE-2025-12633 - Bookit Plugin

The Booking Calendar | Appointment Booking | Bookit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bookit/v1/commerce/stripe/return' REST API Endpoint in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to connect their Stripe account and receive payments.

PLUGIN Bookit

CVE-2025-12633

HIGH CVSS 7.5 2025-11-12
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-2834 - Bookit Plugin

The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.

PLUGIN Bookit

CVE-2023-2834

CRITICAL CVSS 9.8 2023-06-30
Open Full Technical Breakdown
Scroll to top