cleantalk
Vulnerabilities and Security Researches

WP BASE Booking of Appointments, Services and Events, CVE-2024-12558

CVE, Research URL

CVE-2024-12558

Home page URL

Security reports for WP BASE Booking of Appointments, Services and Events

Application

WP BASE Booking of Appointments, Services and Events

Published on
Dec 21, 2024
Research Description
The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose sensitive information from the database, such as the hashed administrator password.
Affected versions
max 5.0.0.
Status
vulnerable
Previous vulnerability researches
WP BASE Booking of Appointments, Services and Events (CVE-2025-22684) , Feb 04, 2025
WP BASE Booking of Appointments, Services and Events (CVE-2024-12737) , Feb 28, 2025
WP BASE Booking of Appointments, Services and Events (CVE-2024-12469) , Dec 18, 2024
WP BASE Booking of Appointments, Services and Events (CVE-2024-12558) , Dec 23, 2024
New vulnerability
Security & Malware scan by CleanTalk , Apr 03, 2026
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026