CVE-2025-47543 MEDIUM

CVE-2025-47543: WordPress TrueBooker plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) Vulnerability

Vendor: Themetechmount
Product: TrueBooker
Weakness: CWE-352 · CSRF
Published: May 7, 2025
Last update: April 28, 2026

CVSS base score

4.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: None
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

Cross-Site Request Forgery (CSRF) vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Cross Site Request Forgery. This issue affects TrueBooker: from n/a through <= 1.0.7.

Explanation of Vulnerability in Simple Terms

02 Summary

TrueBooker versions 1.0.7 and earlier are vulnerable to cross-site request forgery (CSRF). An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unwanted actions on the site without their knowledge. The attacker cannot read sensitive data, but can modify site content or settings. A patch version has not been publicly identified.

What an attacker can do

03 Attacker Capabilities

Perform unwanted actions (modify content, change settings) on behalf of a logged-in administrator.

Potential impact on your site

04 Site Impact

An attacker could alter your site's configuration or content if an admin visits a compromised page.

Conditions required to exploit

05 Prerequisites

Administrator must visit a malicious webpage while logged into TrueBooker.

Key dates

06 Disclosure timeline

May 7, 2025: CVE published
April 28, 2026: Record updated