CVE-2025-12399 | Alex Reservations Smart Restaurant Booking Plugin up to 2.2.3 on WordPress REST Endpoint file unrestricted upload

A vulnerability was found in Alex Reservations Smart Restaurant Booking Plugin up to 2.2.3 on WordPress. It has been declared as critical. The impacted element is an unknown function of the file /wp-json/srr/v1/app/upload/file of the component REST Endpoint. Executing manipulation can lead to unrestricted upload.

The identification of this vulnerability is CVE-2025-12399. The attack may be launched remotely. There is no exploit available.VulDB Recent EntriesRead More