CVE-2025-68515 PUBLISHED

WordPress WP Booking System plugin <= 2.0.19.12 - Sensitive Data Exposure vulnerability

Assigner: Patchstack
Reserved: 19.12.2025 Published: 05.03.2026 Updated: 05.03.2026

Insertion of Sensitive Information Into Sent Data vulnerability in Roland Murg WP Booking System wp-booking-system allows Retrieve Embedded Sensitive Data.This issue affects WP Booking System: from n/a through <= 2.0.19.12.

Product Status

Vendor	Roland Murg
Product	WP Booking System
Versions	Default: unaffected affected from n/a to <= 2.0.19.12 (incl.)

Credits

benzdeus | Patchstack Bug Bounty Program finder

References

https://patchstack.com/database/Wordpress/Plugin/wp-booking-system/vulnerability/wordpress-wp-booking-system-plugin-2-0-19-12-sensitive-data-exposure-vulnerability?_s_id=cve

Problem Types

Insertion of Sensitive Information Into Sent Data CWE

Impacts

Retrieve Embedded Sensitive Data