CVE-2025-12042

5.3 MEDIUM

Authentication Bypass

📋 TL;DR

The Course Booking System WordPress plugin allows unauthenticated attackers to directly access a CSV export file and download all booking data. This affects all WordPress sites using the plugin up to version 6.1.5. The vulnerability exists due to missing capability checks in the csv-export.php file.

💻 Affected Systems

Products:

• Course Booking System WordPress Plugin

Versions: All versions up to and including 6.1.5

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects WordPress installations with the vulnerable plugin active.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

1. Review the CVE details at NVD
2. Check vendor security advisories for your specific version
3. Test if the vulnerability is exploitable in your environment
4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

All booking data (including potentially sensitive customer information) is exfiltrated by attackers, leading to data breach, privacy violations, and regulatory compliance issues.

🟠

Likely Case

Attackers download booking data containing names, email addresses, phone numbers, and course details, which could be used for phishing, spam, or identity theft.

🟢

If Mitigated

If proper access controls and web application firewalls are in place, unauthorized access attempts are blocked and logged.

🌐 Internet-Facing: HIGH

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires only direct HTTP access to the vulnerable file path.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.1.6 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3389366%40course-booking-system&new=3389366%40course-booking-system&sfp_email=&sfph_mail=#file86

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'Course Booking System' and click 'Update Now'. 4. Verify version is 6.1.6 or higher.

🔧 Temporary Workarounds

Block direct access to csv-export.php

linux

Add .htaccess rule to block unauthenticated access to the vulnerable file

Copy

# Add to .htaccess in WordPress root directory
<Files "csv-export.php">
Order Allow,Deny
Deny from all
</Files>

Web Application Firewall rule

all

Block requests to /wp-content/plugins/course-booking-system/csv-export.php

🧯 If You Can't Patch

• Deactivate the Course Booking System plugin immediately
• Implement network-level blocking of requests to the vulnerable file path

🔍 How to Verify

Check if Vulnerable:

Copy

Check WordPress admin panel > Plugins > Installed Plugins for Course Booking System version. If version is 6.1.5 or lower, you are vulnerable.

Check Version:

Copy

wp plugin list --name='course-booking-system' --field=version

Verify Fix Applied:

Copy

After updating, verify plugin version shows 6.1.6 or higher in WordPress admin.

📡 Detection & Monitoring

Log Indicators:

• HTTP 200 responses to /wp-content/plugins/course-booking-system/csv-export.php from unauthenticated users
• Large CSV downloads from the plugin directory

Network Indicators:

• Unusual spikes in traffic to the csv-export.php endpoint
• CSV file downloads from unexpected IP addresses

SIEM Query:

Copy

source="web_server_logs" AND uri="/wp-content/plugins/course-booking-system/csv-export.php" AND response_code=200 AND NOT user_agent="WordPress/*"

📊 Metadata

CVE ID: CVE-2025-12042

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE: CWE-862

EPSS Score: 0.07% exploit probability (21.2th percentile)

Published: November 8, 2025

Last Updated: November 12, 2025

🔗 References

• https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3389366%40course-booking-system&new=3389366%40course-booking-system&sfp_email=&sfph_mail=#file86
• https://www.wordfence.com/threat-intel/vulnerabilities/id/38b2b477-5b8a-42c2-b346-57707d9a34a5?source=cve

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-12042, you might also want to check these:

CVE-2024-6071 10.0

CVE-2024-6071 is a critical remote code execution vulnerability in PTC Creo Elements/Direct License ...

Same vulnerability type (CWE-862)

CVE-2022-0543 10.0

CVE-2022-0543 is a critical Lua sandbox escape vulnerability in Redis on Debian-based systems that a...

Same vulnerability type (CWE-862)

CVE-2024-6500 10.0

This vulnerability allows unauthenticated attackers to read and delete arbitrary files on WordPress ...

Same vulnerability type (CWE-862)