PT-2025-48811 · WordPress · Fluent Booking

Published: 2025-12-03 · Updated: 2025-12-03 · CVE-2025-13756

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Fluent Booking plugin for WordPress versions up to and including 1.9.11

Description

The Fluent Booking plugin for WordPress is affected by an issue allowing unauthorized calendar import and management. This occurs due to a missing capability check on the importCalendar function. Authenticated attackers with subscriber-level access or higher can import and manage arbitrary calendars.

Recommendations

Update to a version of the Fluent Booking plugin later than 1.9.11.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-13756

Affected Products

Fluent Booking