Authorization Flaw in Themovation Hotel Booking Theme by Bellevue
CVE-2025-39398
4.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 19 May 2025
What is CVE-2025-39398?
The missing authorization vulnerability in Themovation's Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue allows unauthorized users to potentially gain access to sensitive features and data. This flaw, present in versions from n/a through 4.2.2, poses a risk to the security and privacy of users interacting with the booking system, highlighting the importance of implementing robust access control measures.
Affected Version(s)
Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue <= 4.2.2