CVE-2025-12135

Name of the Vulnerable Software and Affected Versions WPBookit versions up to and including 1.0.6

Description The WPBookit plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to a missing capability check on the save custome code() function, allowing unauthenticated attackers to inject arbitrary web scripts. These scripts will execute whenever a user accesses an injected page via the css code parameter.

Recommendations Update WPBookit to a version later than 1.0.6.