Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total1

Critical0

High0

Medium1

Search Severity Year Type Sort Order

Reset

Showing 1-1 of 1 records

Threat Entry Updated 2025-11-19

CVE-2025-12842 - Timeslot Plugin

The Booking Plugin for WordPress Appointments – Time Slot plugin for WordPress is vulnerable to unauthorized email sending in versions up to, and including, 1.4.7 due to missing validation on the tslot_appt_email AJAX action. This makes it possible for unauthenticated attackers to send appointment notification emails to arbitrary recipients with attacker-controlled text content in certain email fields, potentially enabling the site to be abused for phishing campaigns or spam distribution.

PLUGIN Timeslot

CVE-2025-12842

MEDIUM CVSS 5.3 2025-11-19

Risk Score

Open Full Technical Breakdown

Scroll to top

Blog

"Prevention is cheaper than a breach"

Threat Database

CVE-2025-12842 - Timeslot Plugin

Company Links

Contact Us