Bookit
Monthly
Authentication bypass in Liquid Web / StellarWP BookIt WordPress plugin versions before 2.5.4.1 allows remote unauthenticated attackers to abuse the password recovery channel to take over accounts. The flaw maps to CWE-288 (alternate path/channel) and carries a CVSS 7.5 (high) integrity impact; no public exploit identified at time of analysis, though Patchstack has catalogued the issue for the WordPress ecosystem.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Booking Calendar | Appointment Booking | BookIt.4.3. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Authentication bypass in Liquid Web / StellarWP BookIt WordPress plugin versions before 2.5.4.1 allows remote unauthenticated attackers to abuse the password recovery channel to take over accounts. The flaw maps to CWE-288 (alternate path/channel) and carries a CVSS 7.5 (high) integrity impact; no public exploit identified at time of analysis, though Patchstack has catalogued the issue for the WordPress ecosystem.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Booking Calendar | Appointment Booking | BookIt.4.3. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.