Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation.

This issue affects BookIt: from n/a before 2.5.4.1.
Published: 2026-06-02
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an authentication bypass using an alternate path or channel that allows an attacker to exploit the password recovery functionality in the Liquid Web / StellarWP BookIt plugin without proper credentials. When triggered, the flaw permits an unauthorized user to reset the password of a legitimate account, thereby gaining full access to that account and its associated resources. The weakness is classified as CWE‑288, which denotes improper authorization practices that can lead to confidentiality and integrity compromises.

Affected Systems

Liquid Web and StellarWP publish the BookIt plug‑in for WordPress. All installations running any version prior to 2.5.4.1 are affected. The vulnerability is present in the plugin’s password‑recovery endpoint and any alternate routes that fail to enforce the required authentication checks.

Risk and Exploitability

The CVSS score of 7.5 marks this issue as High, and the EPSS score is not available, implying there is no current data on exploitation frequency. It is not listed in the CISA Known Exploited Vulnerabilities catalog. The attack is likely to be remote, triggered by an unauthenticated user sending a crafted request to the password‑reset path. Once the exploit is successful, the attacker can immediately assume control of the compromised account, potentially accessing or modifying sensitive data and operations within the affected WordPress site.

Generated by OpenCVE AI on June 2, 2026 at 16:51 UTC.

Remediation

Vendor Solution

Update the WordPress BookIt Plugin to the latest available version (at least 2.5.4.1).

OpenCVE Recommended Actions

  • Upgrade the WordPress BookIt plugin to version 2.5.4.1 or newer. This patch removes the alternate paths that allow the authentication bypass.
  • Disable or protect the password‑reset endpoint by applying firewall rules or using WordPress plugins that block unauthenticated access to password recovery URLs.
  • Enable account monitoring and auditing, such as logging and alerting on password reset requests, to detect potential abuse of the recovery functionality.

Generated by OpenCVE AI on June 2, 2026 at 16:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Liquid Web / Stellarwp
Liquid Web / Stellarwp bookit
Wordpress
Wordpress wordpress
Vendors & Products Liquid Web / Stellarwp
Liquid Web / Stellarwp bookit
Wordpress
Wordpress wordpress

Tue, 02 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 02 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1.
Title WordPress BookIt plugin < 2.5.4.1 - Broken Authentication vulnerability
Weaknesses CWE-288
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

Subscriptions

Liquid Web / Stellarwp Bookit
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-02T15:53:37.430Z

Reserved: 2026-04-15T09:20:42.117Z

Link: CVE-2026-40780

cve-icon Vulnrichment

Updated: 2026-06-02T15:53:34.320Z

cve-icon NVD

Status : Deferred

Published: 2026-06-02T16:16:39.307

Modified: 2026-06-02T17:11:00.443

Link: CVE-2026-40780

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T20:50:55Z

Weaknesses
  • CWE-288

    Authentication Bypass Using an Alternate Path or Channel