CVE-2025-12787 | Hydra Booking Plugin up to 1.1.27 on WordPress AJAX Endpoint tfhb_meeting_form_submit_callback excessive authentication

Inserito da Angelo Barbosa | Nov 11, 2025 | CVE

A vulnerability was found in Hydra Booking Plugin up to 1.1.27 on WordPress. It has been rated as problematic. The affected element is the function tfhb_meeting_form_submit_callback of the component AJAX Endpoint. Performing manipulation results in improper restriction of excessive authentication attempts.

This vulnerability is identified as CVE-2025-12787. The attack can be initiated remotely. There is not any exploit available.

CVE-2025-12787 | Hydra Booking Plugin up to 1.1.27 on WordPress AJAX Endpoint tfhb_meeting_form_submit_callback excessive authentication

Post correlati

CVE-2025-43387 | Apple macOS up to 15.7.1 App permission

CVE-2024-12045 | Essential Blocks Plugin up to 5.0.9 on WordPress cross site scripting

CVE-2024-9470 | Palo Alto Cortex XSOAR up to 6.12.0 exposure of sensitive system information to an unauthorized control sphere

CVE-2025-53349 | Laborator Kalium Plugin up to 3.18.3 on WordPress cross site scripting