How to fix CVE-2025-6814?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Is PHP affected by CVE-2025-6814?

Organizations using Booking X face notable risk from CVE-2025-6814, a missing authorization vulnerability rated CVSS 7.5. Attackers could bypass security controls to gain unauthorized access to protected resources and sensitive data.

CVE-2025-6814

EUVD-2025-19919 HIGH

2025-07-04 [email protected]

WordPress Authentication Bypass PHP

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 16, 2026 - 02:42 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 02:42 euvd

EUVD-2025-19919

CVE Published

Jul 04, 2025 - 03:15 nvd

HIGH 7.5

DescriptionNVD

The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_now() function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts, user meta, and PayPal credentials, by issuing a crafted POST request.

AnalysisAI

A security vulnerability in Booking X (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Technical ContextAI

CWE-862 (Missing Authorization). CVSS 7.5 indicates high severity. Affects Booking X.

RemediationAI

Monitor vendor channels for patch availability.

CVE-2025-6814 vulnerability details – vuln.today

Back

CVE-2025-6814

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code