CVE-2025-13318 – Booking Calendar Contact Form

CVE ID : CVE-2025-13318

Published : Nov. 22, 2025, 8:30 a.m. | 47 minutes ago

Description : The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.60. This is due to missing authorization checks and payment verification in the `dex_bccf_check_IPN_verification` function. This makes it possible for unauthenticated attackers to arbitrarily confirm bookings and bypass payment requirements via the ‘dex_bccf_ipn’ parameter.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-13090 – WP Directory Kit

CVE-2025-41742 – Sprecher Automation: SPRECON-E series has a critical vulnerability due to the use of static cryptographic keys in system components

CVE-2025-41744 – Sprecher Automation: SPRECON-E series has static default key material for TLS connections

CVE-2025-41743 – Sprecher Automation: SPRECON-E series prone to weak encryption of update files