Booknetic
by WordPress
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-25439 | 0.00 | — | — | Jun 17, 2026 | Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions. | |||
| CVE-2024-13146 | 0.00 | — | 0.00 | Mar 26, 2025 | The Booknetic WordPress plugin before 4.1.5 does not have CSRF check when creating Staff accounts, which could allow attackers to make logged in admin add arbitrary Staff members via a CSRF attack |
- CVE-2026-25439Jun 17, 2026risk 0.00cvss —epss —
Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.
- CVE-2024-13146Mar 26, 2025risk 0.00cvss —epss 0.00
The Booknetic WordPress plugin before 4.1.5 does not have CSRF check when creating Staff accounts, which could allow attackers to make logged in admin add arbitrary Staff members via a CSRF attack