PT-2025-47435 · WordPress · Booking Plugin For Wordpress Appointments – Time Slot
Published: 2025-11-19 · Updated: 2025-11-19 · CVE-2025-12842
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
The Booking Plugin for WordPress Appointments – Time Slot versions up to and including 1.4.7
Description
The software is susceptible to unauthorized email sending due to a lack of validation on the tslot appt email AJAX action. This allows unauthenticated attackers to send appointment notification emails to arbitrary recipients, with the ability to control content within certain email fields. This could potentially be used for phishing campaigns or spam distribution.
Recommendations
Update The Booking Plugin for WordPress Appointments – Time Slot to a version later than 1.4.7.
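For reviewing an AJAX mail handler against the weakness described above, the sketch below shows the checks such a handler needs. It is an added example, not the plugin's code or its patch. The action name, nonce name, post type, meta key and capability are hypothetical, and it assumes only logged-in staff trigger notifications.

```php
<?php
// Added example: hypothetical handler, not the plugin's own code.
// Action, nonce, post type and meta key names are assumptions.

// Registered with wp_ajax_ only. With no wp_ajax_nopriv_ hook, WordPress
// never dispatches this action for unauthenticated requests.
add_action( 'wp_ajax_example_appt_email', 'example_send_appt_email' );

function example_send_appt_email() {
    // Reject requests that lack a valid nonce (dies with 403 on failure).
    check_ajax_referer( 'example_appt_email_nonce', 'nonce' );

    // Require a capability suited to managing bookings (assumed here).
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Accept only an appointment ID from the request, nothing else.
    $appt_id = isset( $_POST['appt_id'] ) ? absint( $_POST['appt_id'] ) : 0;
    $appt    = $appt_id ? get_post( $appt_id ) : null;
    if ( ! $appt || 'example_appointment' !== $appt->post_type ) {
        wp_send_json_error( 'unknown appointment', 404 );
    }

    // The recipient is read from the stored booking, never from the
    // request, so a caller cannot address mail to an arbitrary mailbox.
    $to = sanitize_email(
        (string) get_post_meta( $appt_id, '_example_customer_email', true )
    );
    if ( ! is_email( $to ) ) {
        wp_send_json_error( 'no valid recipient on record', 400 );
    }

    // Fixed template. The only variable part is a stored value that
    // sanitize_text_field() strips of tags and line breaks.
    $title   = sanitize_text_field( get_the_title( $appt ) );
    $subject = 'Appointment confirmation';
    $body    = sprintf( "Hello,\n\nYour appointment \"%s\" is confirmed.\n", $title );

    if ( wp_mail( $to, $subject, $body ) ) {
        wp_send_json_success();
    }
    wp_send_json_error( 'mail failed', 500 );
}
```

If guests must trigger the notification themselves, the authentication checks cannot apply, but the recipient and content should still come from the stored booking and not from request parameters.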
Fix
RCE
Affected Products
Booking Plugin For Wordpress Appointments – Time Slot