CVE Daily

CVE-2025-7965

The CBX Restaurant Booking WordPress plugin through 1.2.1 does not have CSRF che...

Medium CVSS 4.3

Overview

The CBX Restaurant Booking WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CWE: N/A Published: 2025-08-11T06:15:26.900
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 4.3 (MEDIUM)
  • Detected tags: csrf, wordpress (tag impact: MODERATE)

Recommended actions:

  • CSRF tokens, SameSite=Strict for cookies, validate Origin/Referer.

Recommended tools

Tags