Security Advisory

CVE-2025-6814

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-07-04 01:44:04

Last updated 2025-07-08 14:21:21

Assigner Wordfence

State PUBLISHED

Description

The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_now() function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts, user meta, and PayPal credentials, by issuing a crafted POST request.

← Browse all CVEs View on cve.org ↗