What the vulnerability does
01 Description
Cross-Site Request Forgery (CSRF) vulnerability in Booqable Rental Software's Booqable Rental (booqable-rental-reservations) allows Cross-Site Request Forgery. This issue affects Booqable Rental: from n/a through 2.4.25.
Explanation of Vulnerability in Simple Terms
02 Summary
Booqable Rental versions up to 2.4.25 contain a cross-site request forgery (CSRF) vulnerability. An attacker can craft a malicious link or webpage that, when visited by a logged-in Booqable user, performs unwanted actions on their account without their knowledge. The vulnerability requires user interaction—the victim must click the link or visit the attacker's page while authenticated.
What an attacker can do
03 Attacker Capabilities
Perform actions on a user's Booqable account without their consent by tricking them into visiting a malicious link.
Potential impact on your site
04 Site Impact
Users' rental bookings, account settings, or other actions could be modified by attackers without their knowledge or consent.
Conditions required to exploit
05 Prerequisites
The user must be logged into Booqable and must click a malicious link or visit an attacker-controlled webpage.
Key dates
06 Disclosure timeline
June 6, 2025: CVE published
April 28, 2026: Record updated