CVE-2025-12573

MEDIUM 6.5

Bookingor <= 1.0.12 - Subscriber+ Category Deletion

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

12th

The Bookingor WordPress plugin through 1.0.12 exposes authenticated AJAX actions without capability or nonce checks, allowing low-privileged users to delete Bookingor WordPress plugin through 1.0.12 data.

Vendor	unknown
Product	bookingor
Published	Jan 20, 2026
Last Updated	Apr 2, 2026

Stay Ahead of the Next One

Get instant alerts for unknown bookingor

Be the first to know when new medium vulnerabilities affecting unknown bookingor are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / Bookingor

0 ≤ 1.0.12

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/b6198d76-813c-4f13-8b3d-b4609095ae34/

Credits

Khaled Alenazi (Nxploited) WPScan