CVE-2025-12842
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-12842, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-11-19

Last updated on: 2025-11-19

Assigner: Wordfence

Description

The Booking Plugin for WordPress Appointments – Time Slot plugin for WordPress is vulnerable to unauthorized email sending in versions up to, and including, 1.4.7 due to missing validation on the tslot_appt_email AJAX action. This makes it possible for unauthenticated attackers to send appointment notification emails to arbitrary recipients with attacker-controlled text content in certain email fields, potentially enabling the site to be abused for phishing campaigns or spam distribution.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-11-19
Last Modified
2025-11-19
Generated
2026-07-06
AI Q&A
2025-11-19
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
wordpress booking_plugin 1.4.7

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Booking Plugin for WordPress Appointments – Time Slot plugin up to version 1.4.7. It allows unauthenticated attackers to send appointment notification emails to arbitrary recipients by exploiting missing validation on the tslot_appt_email AJAX action. Attackers can control certain email fields' text content, enabling misuse of the site for phishing or spam campaigns.

Impact Analysis

The vulnerability can be exploited by attackers to send unauthorized emails from your site to arbitrary recipients. This can lead to your site being used for phishing attacks or spam distribution, potentially damaging your site's reputation and trustworthiness.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12842. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart