Cross-Site Request Forgery Vulnerability in Easy Booked - Appointment Booking System by MD Abu Jubayer Hossain
CVE-2025-22634

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Easy Booked – Appointment Booking And Scheduling Management System For WordPress
Vendor: CVE Published:; 27 March 2025

What is CVE-2025-22634?

The Easy Booked – Appointment Booking and Scheduling Management System for WordPress contains a Cross-Site Request Forgery (CSRF) vulnerability. This issue allows an attacker to perform unauthorized actions on behalf of a user who is logged into the website. If exploited, this vulnerability can compromise the integrity of the application, leading to unauthorized access and manipulation of appointment data. Users of affected versions should implement immediate security measures, including updates or patches, to safeguard their systems.

Affected Version(s)

Easy Booked – Appointment Booking and Scheduling Management System for WordPress <= 2.4.5

References

https://patchstack.com/database/wordpress/plugin/easy-boo...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2025
Vulnerability Reserved
Jan 7, 2025

Credit

l8BL (Patchstack Alliance)