Platform
wordpress
Component
appointify
Fixed in
1.0.9
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Appointify WordPress plugin. This flaw allows an attacker to trick authenticated users into performing actions they did not intend to, potentially leading to unauthorized modifications or deletions within the plugin's functionality. The vulnerability affects versions from 0.0.0 up to and including 1.0.8. A fix is available in a later version of the plugin.
The CSRF vulnerability in Appointify allows an attacker to craft malicious requests that appear to originate from a legitimate user. If successful, an attacker could modify appointment settings, delete existing appointments, or potentially gain access to sensitive user data managed by the plugin. The impact is amplified if the plugin is used in environments with shared hosting, where multiple users might be affected by a single compromised account. This vulnerability could be leveraged in phishing campaigns or through malicious websites to target vulnerable users.
As of the publication date (2025-12-31), there is no indication of active exploitation of CVE-2025-59130. No public proof-of-concept (PoC) code has been released. The vulnerability has been added to the NVD database. The EPSS score is pending evaluation.
Websites utilizing the Appointify WordPress plugin in versions 0.0.0 through 1.0.8 are at risk. This includes businesses and organizations relying on Appointify for appointment scheduling and management. Shared hosting environments are particularly vulnerable as a single compromised account could impact multiple websites.
Detection (wordpress / composer / npm):
• grep -r 'appointify/appointify' /var/www/html/wp-content/plugins/
• wp plugin list | grep appointify
• curl -I https://your-wordpress-site.com/wp-content/plugins/appointify/appointify.php | grep -i 'server' # Check for unusual server headers
Disclosure
Exploit status
EPSS
0.02% (5th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-59130 is to upgrade the Appointify plugin to a version that includes the security fix. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing temporary workarounds such as adding CSRF tokens to all sensitive forms and actions within the plugin. Web Application Firewalls (WAFs) can also be configured to filter out suspicious requests that exhibit CSRF patterns. Regularly review WordPress plugin security best practices to minimize the risk of future vulnerabilities.
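The nonce-based protection the mitigation refers to, shown as an added illustration rather than Appointify's own code: a hypothetical admin-post handler that deletes an appointment, first in the CSRF-prone shape the advisory describes and then tied to a WordPress nonce and a capability check (all function, hook and table names are assumptions).

```php
<?php
// Added illustration (not Appointify's code): a hypothetical "delete appointment"
// handler. The "before" form accepts any request carried by a logged-in user's
// browser, which is the CSRF pattern in the advisory; the "after" form requires
// a nonce bound to the action plus an explicit capability check.

// BEFORE (CSRF-prone): trusts the session cookie alone. Deliberately not hooked.
function appt_demo_delete_unsafe() {
    $id = absint( $_POST['appointment_id'] ?? 0 );
    // No nonce, no capability check: a forged cross-site POST is executed.
    appt_demo_delete_row( $id );
    wp_safe_redirect( admin_url( 'admin.php?page=appt-demo' ) );
    exit;
}

// AFTER (hardened): nonce + capability check before any state change.
function appt_demo_delete_safe() {
    // check_admin_referer() verifies the '_wpnonce' field against the action
    // string and stops with a 403 page if it is missing, stale or forged.
    check_admin_referer( 'appt_demo_delete' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to do this.', 'appt-demo' ), 403 );
    }
    $id = absint( $_POST['appointment_id'] ?? 0 );
    if ( $id > 0 ) {
        appt_demo_delete_row( $id );
    }
    wp_safe_redirect( admin_url( 'admin.php?page=appt-demo' ) );
    exit;
}
add_action( 'admin_post_appt_demo_delete', 'appt_demo_delete_safe' );

// The form that issues the request must embed the matching nonce; a page on
// another origin cannot read it, so it cannot forge a valid request.
function appt_demo_delete_form( $id ) {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="appt_demo_delete">
        <input type="hidden" name="appointment_id" value="<?php echo absint( $id ); ?>">
        <?php wp_nonce_field( 'appt_demo_delete' ); ?>
        <button type="submit">Delete</button>
    </form>
    <?php
}

// Hypothetical persistence helper standing in for the plugin's own logic.
function appt_demo_delete_row( $id ) {
    global $wpdb;
    $wpdb->delete( $wpdb->prefix . 'appt_demo', array( 'id' => $id ), array( '%d' ) );
}
```

Any REST or AJAX endpoint the plugin exposes needs the same treatment (an `X-WP-Nonce` header or `check_ajax_referer()`), since a WAF rule only narrows the window until the upgrade to a fixed version is applied.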
No known patch available. Please review the vulnerability details thoroughly and implement protective measures based on your organization's risk appetite. It may be best to uninstall the affected software and find an alternative.
CVE-2025-59130 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Appointify versions 0.0.0–1.0.8, allowing attackers to perform unauthorized actions.
You are affected if you are using Appointify versions 0.0.0 through 1.0.8. Upgrade to a patched version as soon as possible.
Upgrade the Appointify plugin to a version containing the security fix. If immediate upgrade is not possible, implement temporary CSRF mitigation measures.
As of the publication date, there is no evidence of active exploitation, but vigilance is still advised.
Refer to the Appointify plugin documentation and WordPress plugin repository for the latest security advisories and updates.