Platform: wordpress
Component: movie-booking
Fixed in: 1.1.6
CVE-2025-67963 describes an Arbitrary File Access vulnerability within the Ovatheme Movie Booking WordPress plugin. This flaw allows attackers to potentially read arbitrary files on the server by manipulating file paths, leading to sensitive data exposure. Versions 0.0.0 through 1.1.5 are affected, and a patch is available in version 1.1.6.
The Arbitrary File Access vulnerability allows an attacker to bypass intended security restrictions and access files outside of the intended directory. In the context of the Ovatheme Movie Booking plugin, this could allow an attacker to read configuration files, database credentials, or even source code from the web server. Successful exploitation could lead to information disclosure, privilege escalation, and potentially complete compromise of the WordPress instance. The impact is amplified if the server hosts other sensitive applications or data.
CVE-2025-67963 was publicly disclosed on 2026-01-22. There are currently no known public proof-of-concept exploits available. The vulnerability's severity is considered HIGH due to the potential for sensitive data exposure. It is not currently listed on the CISA KEV catalog.
WordPress websites utilizing the Ovatheme Movie Booking plugin, particularly those running versions 0.0.0 through 1.1.5, are at risk. Shared hosting environments where users have limited control over plugin installations are especially vulnerable, as are sites with default or weak file permissions.
• wordpress / composer / npm:
grep -rF '../' /var/www/html/wp-content/plugins/movie-booking/*
• generic web:
curl -I 'http://your-wordpress-site.com/wp-content/plugins/movie-booking/../../../../etc/passwd'
• wordpress / composer / npm:
wp plugin list --status=inactive | grep movie-booking
Exploit status
EPSS: 0.02% (5th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-67963 is to immediately upgrade the Ovatheme Movie Booking plugin to version 1.1.6 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing a Web Application Firewall (WAF) rule to block requests containing path traversal sequences (e.g., ../). Additionally, restrict file permissions on the WordPress installation to minimize the potential damage from a successful exploit. After upgrading, verify the fix by attempting to access files outside the plugin's intended directory via a web browser; access should be denied.
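The WAF rule suggested above has to look for traversal sequences after decoding, not only the literal `../`. The following Python script is an added example, not code from the plugin or from this advisory: it percent-decodes each request target repeatedly and flags a `..` path segment in access-log lines. The log lines are constructed samples built on the path shape of the curl check above, and all function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Request line of a combined-format access log entry: "METHOD target HTTP/x"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# A ".." segment bounded by a path separator or a parameter delimiter
TRAVERSAL_RE = re.compile(r'(?:^|[/\\=&?])\.\.(?:[/\\]|$)')


def fully_decode(target, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def has_traversal(target):
    """True if the request target contains a '..' segment after decoding."""
    return bool(TRAVERSAL_RE.search(fully_decode(target)))


def suspicious_requests(log_lines):
    """Return (client_ip, raw_target) for each line carrying a traversal sequence."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match and has_traversal(match.group(1)):
            hits.append((line.split(" ", 1)[0], match.group(1)))
    return hits


# Constructed sample lines (documentation IP ranges); not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Jan/2026:10:00:01 +0000] "GET /wp-content/plugins/movie-booking/../../../../etc/passwd HTTP/1.1" 400 0',
    '203.0.113.5 - - [22/Jan/2026:10:00:02 +0000] "GET /wp-content/plugins/movie-booking/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 0',
    '203.0.113.9 - - [22/Jan/2026:10:00:03 +0000] "GET /wp-content/plugins/movie-booking/%252e%252e%252f%252e%252e%252fetc/passwd HTTP/1.1" 404 0',
    '198.51.100.7 - - [22/Jan/2026:10:00:04 +0000] "GET /wp-content/plugins/movie-booking/assets/app..min.js HTTP/1.1" 200 900',
    '198.51.100.7 - - [22/Jan/2026:10:00:05 +0000] "GET /movies/?page=2 HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for ip, target in suspicious_requests(SAMPLE_LOG):
        print(ip, target)
```

A rule that matches only the literal `../` would catch the first sample line and miss the two encoded ones.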
Update to version 1.1.6 or a newer patched version.
CVE-2025-67963 is a vulnerability in Ovatheme Movie Booking allowing attackers to read arbitrary files on the server. It has a HIGH severity rating (CVSS: 8.6) and affects versions 0.0.0 through 1.1.5.
You are affected if your WordPress site uses the Ovatheme Movie Booking plugin and is running version 0.0.0 through 1.1.5. Check your plugin versions immediately.
Upgrade the Ovatheme Movie Booking plugin to version 1.1.6 or later. If immediate upgrade is not possible, implement WAF rules to block path traversal attempts.
There is currently no confirmed active exploitation of CVE-2025-67963, but the vulnerability's nature makes it likely that exploits will emerge.
Refer to the official Ovatheme Movie Booking plugin documentation and WordPress security announcements for the latest advisory regarding CVE-2025-67963.