2025-11-12 07:27:40
Wordfence
PUBLISHED
The Booking Calendar | Appointment Booking | Bookit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/bookit/v1/commerce/stripe/return REST API Endpoint in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to connect their Stripe account and receive payments.