Course Booking System

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

The Course Booking System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in the csv-export.php file in all versions up to, and including, 6.1.5. This makes it possible for unauthenticated attackers to directly access the file and obtain an export of all booking data.

Basic Information

ID CVE-2025-12042

Source Wordfence

Published Nov 8, 2025 at 03:27

Affected Product

Vendor werbeagenturcommotion

Product Course Booking System

Version *

Affected Versions werbeagenturcommotion Course Booking System *

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "The Course Booking System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in the csv-export.php file in all versions up to, and including, 6.1.5. This makes it possible for unauthenticated attackers to directly access the file and obtain an export of all booking data.",
    "published": "2025-11-08T03:27:46.819Z",
    "modified": "2025-11-08T03:27:46.819Z",
    "type": "cve",
    "title": "Course Booking System <= 6.1.5 - Missing Authorization to Unauthenticated Booking Data Export",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/38b2b477-5b8a-42c2-b346-57707d9a34a5?source=cve\nhttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3389366%40course-booking-system&new=3389366%40course-booking-system&sfp_email=&sfph_mail=#file86",
    "id": "CVE-2025-12042",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "werbeagenturcommotion Course Booking System *",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Course Booking System",
    "version": "*",
    "vendor": "werbeagenturcommotion",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Course Booking System <= 6.1.5 - Missing Authorization to Unauthenticated Booking Data Export_CVE-2025-12042