Access Control Vulnerability in Webba Appointment Booking by Webba
CVE-2025-54040

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Webba Booking
Vendor: CVE Published:; 20 August 2025

What is CVE-2025-54040?

The Webba Appointment Booking plugin is prone to a missing authorization vulnerability that arises from improperly configured access control security levels. This weakness may allow unauthorized users to gain access to features or data that should be protected, thus compromising the integrity and security of the application. The issue affects versions of the Webba Booking plugin up to 5.1.20, making it crucial for users to update to the latest version to safeguard their operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Webba Booking <= 5.1.20

References

https://patchstack.com/database/wordpress/plugin/webba-bo...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 20, 2025
Vulnerability Reserved
Jul 16, 2025

Credit

Hiro (Code016Hiro) (Patchstack Alliance)

JSON

WordPress

What is CVE-2025-54040?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.