CVE Catalog

CVE-2025-66123

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

13th percentile — higher than 13% of all known CVEs

Summary

An Insecure Direct Object References (IDOR) vulnerability in BookPro version 1.1.0 and earlier allows an unauthenticated attacker to access resources they should not have permission to. The issue stems from a lack of authorization checks when directly referencing objects.

Risk Assessment

An attacker can read, modify, or delete other users' data without authentication, leading to a breach of data confidentiality and integrity in the system.

Recommendation

Immediately update the BookPro plugin to the latest available version that fixes this vulnerability. If an update is not possible, implement access control mechanisms at the application level.

Original NVD description (English source)

Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= 1.1.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS