Bookit WordPress Plugin Vulnerability

MEDIUM (5.3) No Patch (1 day)

Threat Intelligence

Low Risk
EPSS Score: 0.03% chance of exploitation (percentile: 7%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

The Bookit WordPress plugin is a popular add-on for managing Stripe payment options. However, it exposes a publicly accessible REST endpoint that lets an unauthenticated request update the plugin's Stripe payment settings. This vulnerability poses a significant risk to users whose websites rely on this plugin.

Am I affected?

You're affected if you use the Bookit WordPress plugin. Affected versions: 2.5.1

Affected Products

DynamiApps / Bookit

How to fix

  1. Update to Bookit WordPress version 2.5.1 or later: https://wordpress.org/plugins/bookit/
  2. If you can't upgrade immediately:
    • Restrict network access to your WordPress installation (firewall it from the public internet)
    • Audit plugin updates for suspicious activity patterns
    • Monitor for unauthorized plugin updates
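One way to act on the "monitor" step above is to scan the web server's access log for write requests that reached the plugin's REST route, since an unauthenticated settings change arrives as a POST/PUT to that route and leaves a trace there. The script below is an added example written for this advisory, not code from the plugin or its vendor: it parses Apache/nginx combined-format lines, reports write-method requests under a watched REST namespace, and marks which of them the server answered with a 2xx status (a 401/403 means the request was rejected). The route prefix `/wp-json/PLUGIN-NAMESPACE/` is a placeholder, because the advisory does not name the endpoint; the log lines are constructed sample data.

```python
import re
from collections import Counter

# Placeholder REST namespace (assumption): the advisory does not name the
# vulnerable endpoint, so substitute the route your installation actually exposes.
WATCHED_ROUTE_PREFIX = "/wp-json/PLUGIN-NAMESPACE/"

# Methods that change state; a settings update will use one of these.
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Apache/nginx "combined" log format: ip ident user [ts] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log: one GET, two successful writes from the same client,
# one rejected write to an unrelated core route, and a login POST.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2024:12:00:01 +0000] "GET /wp-json/PLUGIN-NAMESPACE/settings HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2024:12:00:02 +0000] "POST /wp-json/PLUGIN-NAMESPACE/settings HTTP/1.1" 200 42 "-" "python-requests/2.31"
198.51.100.4 - - [10/May/2024:12:00:05 +0000] "POST /wp-json/wp/v2/posts HTTP/1.1" 401 95 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2024:12:00:09 +0000] "PUT /wp-json/PLUGIN-NAMESPACE/settings?x=1 HTTP/1.1" 200 42 "-" "curl/8.0"
192.0.2.9 - - [10/May/2024:12:01:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_settings_writes(log_text):
    """Collect write-method requests to the watched REST namespace.

    Each finding records the client IP, timestamp, method, path and whether the
    server accepted the request (2xx), which is the case a defender cares about.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]  # ignore the query string when matching
        if rec["method"] in WRITE_METHODS and path.startswith(WATCHED_ROUTE_PREFIX):
            findings.append({
                "ip": rec["ip"],
                "ts": rec["ts"],
                "method": rec["method"],
                "path": path,
                "accepted": rec["status"].startswith("2"),
            })
    return findings


def summarize_by_ip(findings):
    """Count accepted writes per client IP so repeat offenders stand out."""
    return Counter(f["ip"] for f in findings if f["accepted"])


if __name__ == "__main__":
    hits = find_settings_writes(SAMPLE_LOG)
    for h in hits:
        flag = "ACCEPTED" if h["accepted"] else "rejected"
        print(f'{h["ts"]} {h["ip"]} {h["method"]} {h["path"]} {flag}')
    print("accepted writes per IP:", dict(summarize_by_ip(hits)))
```

Run it against a real log by replacing `SAMPLE_LOG` with the file contents; any accepted write to the settings route that does not line up with an administrator's own change is worth comparing against the current Stripe configuration in the plugin.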