What the vulnerability does
01 Description
Generation of Error Message Containing Sensitive Information vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Retrieve Embedded Sensitive Data. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through <= 4.5.5.
Explanation of Vulnerability in Simple Terms
02 Summary
The vcita Online Booking & Scheduling Calendar plugin for WordPress contains an information disclosure vulnerability in versions up to 4.5.5. An authenticated user with low privileges can access sensitive information through the plugin's functionality. The vulnerability requires a valid WordPress account but no additional user interaction. Site administrators should update the plugin to a version newer than 4.5.5.
What an attacker can do
03 Attacker Capabilities
Read sensitive information from the plugin that should not be accessible to their privilege level.
Potential impact on your site
04 Site Impact
Users' sensitive data may be exposed to authenticated attackers with basic WordPress accounts.
Conditions required to exploit
05 Prerequisites
Attacker must have a low-privilege WordPress user account (e.g., subscriber or contributor role).
Key dates
06 Disclosure timeline
April 4, 2025: CVE published
May 12, 2026: Record updated