Sensitive Data Exposure in vcita Online Booking & Scheduling Calendar Plugin for WordPress
CVE-2025-32238

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Online Booking & Scheduling Calendar For WordPress By Vcita
Vendor: CVE Published:; 4 April 2025

What is CVE-2025-32238?

A vulnerability exists in the vcita Online Booking & Scheduling Calendar for WordPress that allows attackers to generate error messages revealing sensitive embedded data. This could lead to unauthorized access to confidential information, impacting user privacy and security. The issue affects the plugin versions from n/a up to 4.5.2, emphasizing the need for users to ensure they are running a secured version to protect their data.

Affected Version(s)

Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.2

References

https://patchstack.com/database/wordpress/plugin/meeting-...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 4, 2025
Vulnerability Reserved
Apr 4, 2025

Credit

Joshua Chan (Patchstack Alliance)