cleantalk
Vulnerabilities and Security Researches

Taxi Booking Manager for WooCommerce – WordPress plugin | Ecab, CVE-2025-8898

CVE, Research URL

CVE-2025-8898

Home page URL

Security reports for Taxi Booking Manager for WooCommerce – WordPress plugin | Ecab

Application

Taxi Booking Manager for WooCommerce – WordPress plugin | Ecab

Published on
Aug 16, 2025
Research Description
The Taxi Booking Manager for Woocommerce | E-cab plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.0. This is due to the plugin not properly validating a user's capabilities prior to updating a plugin setting or their identity prior to updating their details like email address. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.
Affected versions
Min -, max 1.3.1.
Status
vulnerable
Previous vulnerability researches
WP Table Builder – WordPress Table Plugin (CVE-2025-49286) , Jun 14, 2025
WP Table Builder – WordPress Table Plugin (CVE-2025-32598) , Apr 12, 2025
WP Table Builder – WordPress Table Plugin (CVE-2024-3282) , Aug 25, 2024
WP Table Builder – WordPress Table Plugin (CVE-2024-43125) , Aug 11, 2024
WP Table Builder – WordPress Table Plugin (1ce82cedaf0f4fa2befb03531d4f716b2db4b794) , Jun 07, 2024
New vulnerability
Translate This gTranslate Shortcode (CVE-2025-8719) , Aug 16, 2025
CM WordPress Search And Replace Plugin (CVE-2025-54728) , Aug 16, 2025
CM WordPress Search And Replace Plugin (CVE-2025-54727) , Aug 16, 2025
Gestion de tarifs (CVE-2025-7662) , Aug 16, 2025
Shortcode Redirect (CVE-2025-54746) , Aug 16, 2025