Impact
The vulnerability is unauthenticated broken authentication in Booknetic plugin versions 4.8.5 and earlier, allowing an attacker to log in as any user, including administrators. This can give the attacker full control over the WordPress site, enabling data theft, defacement, and further compromise. The weakness is classified as improper authentication mechanisms (CWE‑288).
Affected Systems
The affected product is the WordPress Booknetic plugin from fs‑code, any version up to and including 4.8.5. Site owners running these versions via WordPress are at risk. No additional vendor or product details are listed.
Risk and Exploitability
The CVSS score of 8.1 indicates high severity. The EPSS score is not provided and it is not listed in the CISA KEV catalog, so exploitation likelihood remains uncertain, but the unauthenticated nature and popularity of the plugin suggest a moderate‑to‑high potential for active attacks. An attacker can exploit the flaw through the plugin’s authentication endpoints with no special privileges.
OpenCVE Enrichment