CVE-2026-25439
Deferred Deferred - Pending Action
Unauthenticated Broken Authentication in Booknetic

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description
Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-06-17
AI Q&A
2026-06-17
EPSS Evaluated
N/A
NVD
CVE-2026-25439
EUVD
EUVD-2026-37666
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
booknetic booknetic to 4.8.5 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-288 The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The WordPress Booknetic Plugin, versions 4.8.5 and below, contains a high-priority Broken Authentication vulnerability (CVE-2026-25439). This flaw allows unauthenticated attackers to bypass authentication controls and perform actions that are normally restricted to higher-privileged users, such as administrators.

This vulnerability falls under the OWASP Top 10 category A7: Identification and Authentication Failures, indicating a failure in properly verifying user identities.

Impact Analysis

Exploitation of this vulnerability can lead to an attacker gaining administrative access to your website without any authentication.

  • Full control over the website's backend.
  • Potential data theft or manipulation.
  • Installation of malicious code or backdoors.
  • Disruption of website availability or integrity.

Because of the high CVSS score of 8.1, this vulnerability is considered highly risky and is expected to be targeted in mass-exploit campaigns.

Mitigation Strategies

Immediate action is advised to mitigate this vulnerability since there is no official patch available as of the report date.

  • Update the Booknetic plugin to a version above 4.8.5 once an official fix is released.
  • Apply the mitigation rule issued by Patchstack to block attacks targeting this vulnerability.
  • Seek assistance from your hosting provider or a developer to implement temporary protections.
Compliance Impact

The vulnerability in the Booknetic plugin allows unauthenticated attackers to gain administrative access, leading to potential unauthorized access to sensitive data.

Such unauthorized access can result in violations of common standards and regulations like GDPR and HIPAA, which require strict controls over authentication and protection of personal and sensitive information.

Specifically, the vulnerability falls under the OWASP Top 10 category A7: Identification and Authentication Failures, highlighting its impact on authentication security.

Failure to address this vulnerability could lead to non-compliance with these regulations due to compromised confidentiality, integrity, and availability of data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25439. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart