Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in Appointment Booking Plugin for WordPress | Efficient Booking, Calendar & Client Scheduling – Bookify 1.0.9

  • Severity: high-risk
  • Status: Fixed
  • Publication: July 29, 2025

The Bookify plugin for WordPress, which is used for booking appointments and managing schedules, has a security issue. This issue, known as Privilege Escalation, affects all versions of the plugin up to and including version 1.0.9. The problem is that the plugin does not properly check for user permissions on certain parts of its interface. This means that someone with a Subscriber-level account or higher could potentially create new user accounts with full administrative access.

Detected in:

Appointment Booking Plugin for WordPress | Efficient Booking, Calendar & Client Scheduling – Bookify fixed vulnerable versions: >= * <= 1.0.9
Bookify – Appointment Booking & Scheduling For Every Thinkable Business fixed vulnerable versions:
Bookify – Appointment Booking & Scheduling for WordPress fixed vulnerable versions:
Bookify – Appointment Booking & Scheduling Plugin for WordPress fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.