CVE-2025-69095
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-04-27
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| designthemes | reservation_plugin | to 1.7 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-69095 is a medium severity vulnerability in the WordPress Reservation Plugin (versions up to and including 1.7). It is a settings change vulnerability caused by broken access control, allowing unauthorized and unauthenticated users to change plugin settings without proper authentication. This means attackers can exploit incorrectly configured access control security levels to modify settings they should not have access to. [1]
How can this vulnerability impact me? :
This vulnerability can allow attackers to change the settings of the Reservation Plugin without any authentication, potentially leading to unauthorized modifications that could disrupt service, compromise website functionality, or create further security risks. Since no privileges are required to exploit it, it is moderately dangerous and likely to be targeted by attackers. Until an official patch is released, users must apply mitigation rules to block exploitation attempts. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be performed by monitoring for unauthorized attempts to change settings in the Reservation Plugin without authentication. Since the vulnerability allows unauthenticated access to change settings, network or web application firewall logs can be inspected for suspicious requests targeting the plugin's settings endpoints. Patchstack has issued a mitigation rule that can help block exploitation attempts, which can also be used to detect attack attempts. Specific commands are not provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves applying the Patchstack mitigation rule provided to block attacks exploiting this vulnerability until an official patch is released. Since no official fix or patched version is currently available, applying this mitigation is critical to protect your website from unauthorized settings changes via the Reservation Plugin. [1]