CVE-2025-66123
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk13th percentile — higher than 13% of all known CVEs
Summary
An Insecure Direct Object References (IDOR) vulnerability in BookPro version 1.1.0 and earlier allows an unauthenticated attacker to access resources they should not have permission to. The issue stems from a lack of authorization checks when directly referencing objects.
Risk Assessment
An attacker can read, modify, or delete other users' data without authentication, leading to a breach of data confidentiality and integrity in the system.
Recommendation
Immediately update the BookPro plugin to the latest available version that fixes this vulnerability. If an update is not possible, implement access control mechanisms at the application level.
Original NVD description (English source)
Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= 1.1.0 versions.

