SQL Injection Vulnerability in Themefic Hydra Booking Plugin
CVE-2025-68055

Currently unrated

Key Information:

Vendor

WordPress
Status
Hydra Booking
Vendor
CVE Published:
16 December 2025

What is CVE-2025-68055?

A SQL Injection vulnerability has been identified in the Themefic Hydra Booking plugin, which allows attackers to manipulate SQL queries executed by the application. This issue can lead to unauthorized access to sensitive data, including user information and administrative functionalities. The vulnerability affects versions of Hydra Booking up to and including 1.1.32, making it crucial for users to update to the latest version to mitigate potential risks. For detailed information and remediation steps, users are encouraged to consult security resources related to this plugin.

Affected Version(s)

Hydra Booking <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/hydr...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jarno Vos (jrn5151) | Patchstack Bug Bounty Program
JSON
.
CVE-2025-68055 : SQL Injection Vulnerability in Themefic Hydra Booking Plugin