cnvd - cnvd-2025-29292

CNVD-2025-29292

Vulnerability from cnvd - Published: 2025-11-24

Title

WordPress Booking for Appointments plugin输入验证错误漏洞

Description

WordPress Booking for Appointments plugin是用于在WordPress网站上实现预约管理的工具。 WordPress Booking for Appointments plugin存在输入验证错误漏洞，该漏洞源于tslot_appt_email AJAX动作缺少验证，攻击者可利用该漏洞导致未验证攻击者发送任意电子邮件。

Severity

中

Patch Name

WordPress Booking for Appointments plugin输入验证错误漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级程序修复该安全问题，详情见厂商官网: https://wordpress.org/plugins/timeslothttps://wordpress.org/plugins/timeslot

Reference

https://plugins.trac.wordpress.org/browser/timeslot/tags/1.4.6/public/form/email.php#L21

Impacted products

Name
WordPress Booking for Appointments plugin <=1.4.7

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-12842",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-12842"
    }
  },
  "description": "WordPress Booking for Appointments plugin\u662f\u7528\u4e8e\u5728WordPress\u7f51\u7ad9\u4e0a\u5b9e\u73b0\u9884\u7ea6\u7ba1\u7406\u7684\u5de5\u5177\u3002\n\nWordPress Booking for Appointments plugin\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8etslot_appt_email AJAX\u52a8\u4f5c\u7f3a\u5c11\u9a8c\u8bc1\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u672a\u9a8c\u8bc1\u653b\u51fb\u8005\u53d1\u9001\u4efb\u610f\u7535\u5b50\u90ae\u4ef6\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51:\r\nhttps://wordpress.org/plugins/timeslothttps://wordpress.org/plugins/timeslot",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-29292",
  "openTime": "2025-11-24",
  "patchDescription": "WordPress Booking for Appointments plugin\u662f\u7528\u4e8e\u5728WordPress\u7f51\u7ad9\u4e0a\u5b9e\u73b0\u9884\u7ea6\u7ba1\u7406\u7684\u5de5\u5177\u3002\r\n\r\nWordPress Booking for Appointments plugin\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8etslot_appt_email AJAX\u52a8\u4f5c\u7f3a\u5c11\u9a8c\u8bc1\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u672a\u9a8c\u8bc1\u653b\u51fb\u8005\u53d1\u9001\u4efb\u610f\u7535\u5b50\u90ae\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "WordPress Booking for Appointments plugin\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "WordPress Booking for Appointments plugin \u003c=1.4.7"
  },
  "referenceLink": "https://plugins.trac.wordpress.org/browser/timeslot/tags/1.4.6/public/form/email.php#L21",
  "serverity": "\u4e2d",
  "submitTime": "2025-11-21",
  "title": "WordPress Booking for Appointments plugin\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2025-12842 (GCVE-0-2025-12842)

Vulnerability from cvelistv5 – Published: 2025-11-19 05:45 – Updated: 2025-11-19 20:13

Summary

The Booking Plugin for WordPress Appointments – Time Slot plugin for WordPress is vulnerable to unauthorized email sending in versions up to, and including, 1.4.7 due to missing validation on the tslot_appt_email AJAX action. This makes it possible for unauthenticated attackers to send appointment notification emails to arbitrary recipients with attacker-controlled text content in certain email fields, potentially enabling the site to be abused for phishing campaigns or spam distribution.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-20 - Improper Input Validation

Assigner

Wordfence

References

URL

Tags

	https://www.wordfence.com/threat-intel/vulnerabil…
	https://plugins.trac.wordpress.org/browser/timesl…
	https://plugins.trac.wordpress.org/browser/timesl…
	https://plugins.trac.wordpress.org/changeset?sfp_…

Impacted products

	Vendor	Product	Version
	timeslotplugins	Booking Plugin for WordPress Appointments – Time Slot	Affected: * , ≤ 1.4.7 (semver)

Credits

Md. Moniruzzaman Prodhan

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12842",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-19T20:13:13.236079Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-19T20:13:20.453Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Booking Plugin for WordPress Appointments \u2013 Time Slot",
          "vendor": "timeslotplugins",
          "versions": [
            {
              "lessThanOrEqual": "1.4.7",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Md. Moniruzzaman Prodhan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Booking Plugin for WordPress Appointments \u2013 Time Slot plugin for WordPress is vulnerable to unauthorized email sending in versions up to, and including, 1.4.7 due to missing validation on the tslot_appt_email AJAX action. This makes it possible for unauthenticated attackers to send appointment notification emails to arbitrary recipients with attacker-controlled text content in certain email fields, potentially enabling the site to be abused for phishing campaigns or spam distribution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-19T05:45:10.444Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/087b6943-5da8-44fe-8614-832768444178?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/timeslot/tags/1.4.6/public/form/email.php#L21"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/timeslot/tags/1.4.6/public/form/email.php#L23"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3397527%40timeslot\u0026new=3397527%40timeslot\u0026sfp_email=\u0026sfph_mail="
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-11-06T23:27:24.000+00:00",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2025-11-18T17:24:42.000+00:00",
          "value": "Disclosed"
        }
      ],
      "title": "Booking Plugin for WordPress Appointments \u2013 Time Slot \u003c= 1.4.7 - Unauthenticated Arbitrary Email Sending"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-12842",
    "datePublished": "2025-11-19T05:45:10.444Z",
    "dateReserved": "2025-11-06T20:19:03.726Z",
    "dateUpdated": "2025-11-19T20:13:20.453Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-29292

CVE-2025-12842 (GCVE-0-2025-12842)

Tags

Sightings

Nomenclature