PT-2025-46273 · WordPress · The Total Book Project

Athiwat Tiprasaharn · Published 2025-11-11 · Updated 2025-11-11 · CVE-2025-12126

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

The Total Book Project plugin for WordPress versions prior to 1.1

Description

The software is susceptible to an Insecure Direct Object Reference issue. This impacts authenticated attackers with Contributor-level access or higher, allowing them to perform unauthorized actions on books and chapters they do not own. The issue stems from a lack of validation on a user-controlled key within several functions.

Recommendations

Update to version 1.1 or later.

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2025-12126

Affected Products

The Total Book Project