Skip to main content

Bookit

3 CVEs product

Monthly

CVE-2026-40780 HIGH PATCH This Week

Authentication bypass in Liquid Web / StellarWP BookIt WordPress plugin versions before 2.5.4.1 allows remote unauthenticated attackers to abuse the password recovery channel to take over accounts. The flaw maps to CWE-288 (alternate path/channel) and carries a CVSS 7.5 (high) integrity impact; no public exploit identified at time of analysis, though Patchstack has catalogued the issue for the WordPress ecosystem.

Authentication Bypass Bookit
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2023-50852 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Booking Calendar | Appointment Booking | BookIt.4.3. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Bookit
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-2834 CRITICAL POC PATCH Act Now

The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress Authentication Bypass Bookit
NVD
CVSS 3.1
9.8
EPSS
0.5%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Authentication bypass in Liquid Web / StellarWP BookIt WordPress plugin versions before 2.5.4.1 allows remote unauthenticated attackers to abuse the password recovery channel to take over accounts. The flaw maps to CWE-288 (alternate path/channel) and carries a CVSS 7.5 (high) integrity impact; no public exploit identified at time of analysis, though Patchstack has catalogued the issue for the WordPress ecosystem.

Authentication Bypass Bookit
NVD
EPSS 0% CVSS 7.6
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Booking Calendar | Appointment Booking | BookIt.4.3. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Bookit
NVD
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress Authentication Bypass Bookit
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy