cvebase

Themetechmount Truebooker vulnerabilities

6 known vulnerabilities affecting themetechmount/truebooker.

Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, MEDIUM 4

Vulnerabilities

CVE-2024-6924 | P2 | CRITICAL | CVSS 9.8 | PoC | ≤ 1.0.2 | 2024-09-08
CVE-2024-6924 [CRITICAL] CWE-89: The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
nvd
CVE-2026-48881 | P2 | CRITICAL | CVSS 9.1 | ≥ n/a, ≤ 1.1.9 | 2026-06-15
CVE-2026-48881 [CRITICAL] CWE-862: Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 versions.
nvd
CVE-2026-39663 | P4 | MEDIUM | CVSS 5.3 | ≤ 1.1.5 | 2026-04-08
CVE-2026-39663 [MEDIUM] CWE-862: Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TrueBooker: from n/a through <= 1.1.5.
nvd
CVE-2025-67581 | P4 | MEDIUM | CVSS 5.3 | ≤ 1.1.0 | 2025-12-09
CVE-2025-67581 [MEDIUM] CWE-862: Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TrueBooker: from n/a through <= 1.1.0.
nvd
CVE-2024-6925 | P4 | MEDIUM | CVSS 4.3 | ≤ 1.0.2 | 2024-09-08
CVE-2024-6925 [MEDIUM] CWE-352: The TrueBooker WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
nvd
CVE-2025-47543 | P4 | MEDIUM | CVSS 4.3 | fixed in 1.0.8 | ≤ 1.0.7 | 2025-05-07
CVE-2025-47543 [MEDIUM] CWE-352: Cross-Site Request Forgery (CSRF) vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Cross Site Request Forgery. This issue affects TrueBooker: from n/a through <= 1.0.7.
nvd