The BookIt plugin for WordPress is vulnerable to an issue where people who are not authenticated can access certain areas of the website. This means that if someone knows the email of an existing user, such as an administrator, they can gain access without needing to authenticate themselves. This vulnerability affects versions of BookIt up to and including 2.3.7.