← Back

Truebooker

truebooker

Vendor: Themetechmount • 3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-47543
1Themetechmount
1Truebooker
Apr 23, 2026
May 7, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Cross Site Request Forgery.This issue affects TrueBooker: from n/a through <= 1.0.7.
CVE-2024-6925
1Themetechmount
1Truebooker
Sep 11, 2024
Sep 8, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The TrueBooker WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
CVE-2024-6924
1Themetechmount
1Truebooker
Sep 11, 2024
Sep 8, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.