CVE-2025-12633 | Booking Calendar Plugin up to 2.5.0 on WordPress REST API Endpoint return authorization

November 12, 2025 Yanac

A vulnerability, which was classified as critical, has been found in Booking Calendar Plugin up to 2.5.0 on WordPress. Impacted is an unknown function of the file /wp-json/bookit/v1/commerce/stripe/return of the component REST API Endpoint. This manipulation causes missing authorization.

This vulnerability is registered as CVE-2025-12633. Remote exploitation of the attack is possible. No exploit is available.VulDB Recent EntriesRead More