PT-2025-34020 · WordPress · Online Booking & Scheduling Calendar For Wordpress

·

CVE-2025-54677

·

Published

2025-08-20

·

Updated

2025-12-12

CVSS v3.1

9.1

Critical

VectorAV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: vcita Online Booking & Scheduling Calendar for WordPress by vcita versions through 4.5.3
Description: The software contains a vulnerability that allows for the upload of files with dangerous types. This enables the use of malicious files.
Recommendations: Update vcita Online Booking & Scheduling Calendar for WordPress by vcita to a version later than 4.5.3.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2025-54677

Affected Products

Online Booking & Scheduling Calendar For Wordpress