Browse all 4 CVE security advisories affecting Webba Appointment Booking. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Webba Appointment Booking is a WordPress plugin for scheduling and managing appointments online. Historically, it has been affected by multiple critical vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws. These issues often stem from insufficient input validation and improper access controls. The plugin has accumulated four CVEs, highlighting ongoing security challenges. Notable characteristics include its widespread use in healthcare and service industries, making it a valuable target for attackers. Security researchers have consistently identified vulnerabilities that could allow unauthorized access or system compromise, emphasizing the need for prompt updates and careful implementation by users handling sensitive scheduling data.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-66530 | WordPress Webba Booking plugin <= 6.2.1 - Broken Access Control vulnerability — Webba BookingCWE-862 | 4.3 | Medium | 2025-12-09 |
| CVE-2025-54040 | WordPress Webba Booking <= 5.1.20 - Broken Access Control Vulnerability — Webba BookingCWE-862 | 6.5 | Medium | 2025-08-20 |
| CVE-2025-54729 | WordPress Webba Booking Plugin <= 6.0.5 - Cross Site Scripting (XSS) Vulnerability — Webba BookingCWE-79 | 5.9 | Medium | 2025-08-14 |
| CVE-2025-54036 | WordPress Webba Booking plugin <= 5.1.20 - Cross Site Request Forgery (CSRF) Vulnerability — Webba BookingCWE-352 | 4.3 | Medium | 2025-07-16 |
This page lists every published CVE security advisory associated with Webba Appointment Booking. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.