N/A
2026-04-22< 2.5.4.1
Bookit — Booking & Appointment Calendar <= 2.5.1 - Missing Authorization
Bookit — Booking & Appointment Calendar
Minimum safe version
2.5.4.1
Update to 2.5.4.1 or later to address 13 fixable vulnerabilities
Latest available2.5.4.1 ✓
Medium 5.3
2025-12-12< 2.5.1
CVE-2025-12841
High 7.5
2025-11-12< 2.5.1
CVE-2025-12633
Medium 6.3
2024-10-16< 2.2.9
Freemius SDK <= 2.4.2 - Missing Authorization Checks
Medium 6.5
2024-05-17< 2.4.1
CVE-2024-24715
High 7.6
2024-12-21< 2.4.4
WordPress BookIt Plugin <= 2.4.3 is vulnerable to SQL Injection
N/A
2023-07-18< 2.4.0
WordPress BookIt Plugin < 2.4.0 is vulnerable to Cross Site Scripting (XSS)
Critical 9.8
2023-06-30< 2.3.8
CVE-2023-2834
N/A
2022-03-04< 2.2.9
Freemius SDK <= 2.4.2 - Missing Authorization Checks
N/A
< 2.1.6
Booking Calendar | Appointment Booking | BookIt < 2.1.6 - Authorised AJAX Calls
N/A
2021-06-30< 2.1.6
WordPress BookIt plugin <= 2.1.5 - Cross-Site Request Forgery (CSRF) vulnerability
N/A
2022-02-28< 2.2.9
WordPress BookIt plugin < 2.2.9 - Sensitive Information Disclosure vulnerability
N/A
2022-02-28< 2.2.9
WordPress BookIt plugin < 2.2.9 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability