PT-2025-45545 · WordPress · Course Booking System
Powpy
·
Published
2025-11-08
·
Updated
2025-11-08
·
CVE-2025-12042
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Course Booking System versions prior to 6.1.6
Description
The Course Booking System plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability check in the
csv-export.php file. An unauthenticated attacker can directly access this file and obtain an export of all booking data.Recommendations
Update the Course Booking System plugin to version 6.1.6 or later.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Course Booking System