CVE-2025-12573

Publication date

2026-01-20 06:00:06

Family

WPScan

State

PUBLISHED

Description

The Bookingor WordPress plugin through 1.0.12 exposes authenticated AJAX actions without capability or nonce checks, allowing low-privileged users to delete Bookingor WordPress plugin through 1.0.12 data.