CVE-2025-7965
BaseFortify
Publication date: 2025-08-11
Last updated on: 2025-08-11
Assigner: WPScan
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cbx | restaurant_booking | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the CBX Restaurant Booking WordPress plugin version 1.2.1 and earlier. It occurs because the plugin does not have CSRF protection when updating its settings. An attacker can exploit this by tricking a logged-in administrator into visiting a specially crafted URL, which forces the admin to unknowingly change or reset the plugin settings without their consent. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the CBX Restaurant Booking WordPress plugin version 1.2.1 or earlier is installed and if the plugin settings can be updated without CSRF protection. One way to test is to attempt accessing the URL `https://example.com/wp-admin/edit.php?post_type=cbxrbooking&page=cbxrbookingsettings&cbxrbooking_fullreset=1` while logged in as an admin and observe if the settings are reset without additional CSRF tokens or checks. There are no specific commands provided for detection. [1]
What immediate steps should I take to mitigate this vulnerability?
Since there is no known fix for this vulnerability, immediate mitigation steps include restricting access to the WordPress admin area to trusted users only, implementing additional security measures such as Web Application Firewalls (WAF) to block CSRF attack patterns, and avoiding clicking on suspicious links while logged in as an administrator. Monitoring admin activity for unexpected changes to plugin settings is also recommended. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker to change or reset the plugin settings without your knowledge if you are a logged-in administrator. This could disrupt the normal operation of the restaurant booking system, potentially causing loss of configuration, service interruptions, or unauthorized changes that affect your website's functionality. [1]