We’re taking on a small number of new builds and rebuilds this quarter. Book a call to see if your project is a fit.

CVE CVE-2025-12573

CVE-2025-12573

WordPress

Severity: MEDIUM
CVSS: 6.5CVSS
Published: 2026-01-20
Last modified: 2026-01-26
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Description

The Bookingor WordPress plugin through 1.0.12 exposes authenticated AJAX actions without capability or nonce checks, allowing low-privileged users to delete Bookingor WordPress plugin through 1.0.12 data.

References

https://wpscan.com/vulnerability/b6198d76-813c-4f13-8b3d-b4609095ae34/

Summary

Description

References