Skip to main content

Bookify

1 CVEs product

Monthly

CVE-2025-69332 MEDIUM This Month

Broken access control in the Bookify WordPress plugin (versions ≤ 1.1.1) allows authenticated subscriber-level users to access resources or functionality reserved for higher-privileged roles. The flaw stems from missing authorization checks (CWE-862), enabling low-privilege users to retrieve sensitive data they should be denied. No public exploit or CISA KEV listing has been identified at time of analysis, though Patchstack has documented the vulnerability with a CVSS 6.5 score reflecting high confidentiality impact.

Authentication Bypass Bookify
NVD
CVSS 3.1
6.5
EPSS
0.3%
EPSS 0% CVSS 6.5
MEDIUM This Month

Broken access control in the Bookify WordPress plugin (versions ≤ 1.1.1) allows authenticated subscriber-level users to access resources or functionality reserved for higher-privileged roles. The flaw stems from missing authorization checks (CWE-862), enabling low-privilege users to retrieve sensitive data they should be denied. No public exploit or CISA KEV listing has been identified at time of analysis, though Patchstack has documented the vulnerability with a CVSS 6.5 score reflecting high confidentiality impact.

Authentication Bypass Bookify
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy