Sensitive Data Exposure in vcita Online Booking & Scheduling Calendar Plugin for WordPress
CVE-2025-32238

4.3MEDIUM

What is CVE-2025-32238?

A vulnerability exists in the vcita Online Booking & Scheduling Calendar for WordPress that allows attackers to generate error messages revealing sensitive embedded data. This could lead to unauthorized access to confidential information, impacting user privacy and security. The issue affects the plugin versions from n/a up to 4.5.2, emphasizing the need for users to ensure they are running a secured version to protect their data.

Affected Version(s)

Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.2

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Joshua Chan (Patchstack Alliance)
.