{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-22634", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-01-07T21:02:24.870Z", "datePublished": "2025-03-27T15:27:43.481Z", "dateUpdated": "2025-03-27T16:15:09.542Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "easy-booked", "product": "Easy Booked \u2013 Appointment Booking and Scheduling Management System for WordPress", "vendor": "MD Abu Jubayer Hossain", "versions": [{"changes": [{"at": "2.4.6", "status": "unaffected"}], "lessThanOrEqual": "2.4.5", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "l8BL (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in MD Abu Jubayer Hossain Easy Booked \u2013 Appointment Booking and Scheduling Management System for WordPress allows Cross Site Request Forgery.<p>This issue affects Easy Booked \u2013 Appointment Booking and Scheduling Management System for WordPress: from n/a through 2.4.5.</p>"}], "value": "Cross-Site Request Forgery (CSRF) vulnerability in MD Abu Jubayer Hossain Easy Booked \u2013 Appointment Booking and Scheduling Management System for WordPress allows Cross Site Request Forgery.This issue affects Easy Booked \u2013 Appointment Booking and Scheduling Management System for WordPress: from n/a through 2.4.5."}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-03-27T15:27:43.481Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/wordpress/plugin/easy-booked/vulnerability/wordpress-easy-booked-plugin-2-4-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the WordPress Easy Booked \u2013 Appointment Booking and Scheduling Management System for WordPress plugin to the latest available version (at least 2.4.6)."}], "value": "Update the WordPress Easy Booked \u2013 Appointment Booking and Scheduling Management System for WordPress plugin to the latest available version (at least 2.4.6)."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Easy Booked Plugin <= 2.4.5 - Cross Site Request Forgery (CSRF) vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-27T16:15:04.186319Z", "id": "CVE-2025-22634", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-27T16:15:09.542Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-22634", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-27T16:15:04.186319Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-27T16:14:53.201Z"}}], "cna": {"title": "WordPress Easy Booked Plugin <= 2.4.5 - Cross Site Request Forgery (CSRF) vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "l8BL (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "MD Abu Jubayer Hossain", "product": "Easy Booked \u2013 Appointment Booking and Scheduling Management System for WordPress", "versions": [{"status": "affected", "changes": [{"at": "2.4.6", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "2.4.5"}], "packageName": "easy-booked", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update the WordPress Easy Booked \u2013 Appointment Booking and Scheduling Management System for WordPress plugin to the latest available version (at least 2.4.6).", "supportingMedia": [{"type": "text/html", "value": "Update the WordPress Easy Booked \u2013 Appointment Booking and Scheduling Management System for WordPress plugin to the latest available version (at least 2.4.6).", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/easy-booked/vulnerability/wordpress-easy-booked-plugin-2-4-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in MD Abu Jubayer Hossain Easy Booked \u2013 Appointment Booking and Scheduling Management System for WordPress allows Cross Site Request Forgery.This issue affects Easy Booked \u2013 Appointment Booking and Scheduling Management System for WordPress: from n/a through 2.4.5.", "supportingMedia": [{"type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in MD Abu Jubayer Hossain Easy Booked \u2013 Appointment Booking and Scheduling Management System for WordPress allows Cross Site Request Forgery.<p>This issue affects Easy Booked \u2013 Appointment Booking and Scheduling Management System for WordPress: from n/a through 2.4.5.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-03-27T15:27:43.481Z"}}}, "cveMetadata": {"cveId": "CVE-2025-22634", "state": "PUBLISHED", "dateUpdated": "2025-03-27T16:15:09.542Z", "dateReserved": "2025-01-07T21:02:24.870Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-03-27T15:27:43.481Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in MD Abu Jubayer Hossain Easy Booked \u2013 Appointment Booking and Scheduling Management System for WordPress allows Cross Site Request Forgery.This issue affects Easy Booked \u2013 Appointment Booking and Scheduling Management System for WordPress: from n/a through 2.4.5."}], "id": "CVE-2025-22634", "lastModified": "2025-03-27T16:45:12.210", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2025-03-27T16:15:28.433", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/wordpress/plugin/easy-booked/vulnerability/wordpress-easy-booked-plugin-2-4-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}