Platform
wordpress
Component
appointify
Fixed in
1.0.9
A Cross-Site Request Forgery (CSRF) vulnerability, tracked as CVE-2025-59130, has been identified in the Appointify WordPress plugin. By luring a logged-in user, typically a site administrator, to an attacker-controlled page, an attacker can make that user's browser submit state-changing requests to the plugin that the user never intended, which can result in unauthorized modification or deletion of data the plugin manages. Versions from 0.0.0 up to and including 1.0.8 are affected; the fix ships in 1.0.9.
CSRF succeeds because the vulnerable request handler accepts a request solely on the strength of the victim's session cookie, without a per-request secret (in WordPress terms, a nonce) proving that the request was initiated from the site's own pages. If a privileged user loads a malicious site or follows a phishing link while logged in, the attacker could modify appointment settings, delete existing appointments, or, depending on which actions the affected handlers expose, reach data managed by the plugin. CSRF does not require a compromised account: the victim's own browser supplies the authentication, so the attack only needs the victim to be logged in and to render attacker-controlled content. The impact scales with the privileges of the user who is targeted.
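The following is an added illustration of the defect class, not Appointify's own code: a hypothetical "delete appointment" handler registered through admin-post.php, first in the cookie-only form that CSRF exploits and then hardened with a capability check and a WordPress nonce. The action names, nonce action strings, table name and capability are assumptions chosen for the demo.

```php
<?php
/*
 * Added example for this advisory, not Appointify's code. Action names, the
 * nonce action string, the table name and the capability are assumptions.
 */

// --- Vulnerable pattern: cookie-only authorization -----------------------
// A request to admin-post.php?action=appointify_demo_delete_vulnerable&id=42
// is honoured for any visitor whose browser attaches a valid logged-in
// cookie, no matter which page issued it. An <img src="..."> tag or an
// auto-submitting form on an attacker's page is enough.
add_action('admin_post_appointify_demo_delete_vulnerable', 'appointify_demo_delete_vulnerable');
function appointify_demo_delete_vulnerable() {
    global $wpdb;
    $id = (int) ($_REQUEST['id'] ?? 0);
    $wpdb->delete($wpdb->prefix . 'appointify_demo_appointments', ['id' => $id], ['%d']);
    wp_safe_redirect(admin_url('admin.php?page=appointify-demo'));
    exit;
}

// --- Hardened pattern: capability check + nonce bound to action and object --
add_action('admin_post_appointify_demo_delete', 'appointify_demo_delete_hardened');
function appointify_demo_delete_hardened() {
    global $wpdb;
    // 1. Authorization: the user must actually be allowed to do this.
    if (!current_user_can('manage_options')) {
        wp_die(esc_html__('You are not allowed to delete appointments.'), '', ['response' => 403]);
    }
    $id = absint($_REQUEST['id'] ?? 0);
    // 2. CSRF check: the request must carry a nonce minted for this user,
    //    this session and this exact action. check_admin_referer() runs
    //    wp_verify_nonce() on $_REQUEST['_wpnonce'] and dies on failure.
    //    A page on another origin cannot read the nonce, so it cannot forge it.
    check_admin_referer('appointify_demo_delete_' . $id);
    $wpdb->delete($wpdb->prefix . 'appointify_demo_appointments', ['id' => $id], ['%d']);
    wp_safe_redirect(add_query_arg('deleted', '1', admin_url('admin.php?page=appointify-demo')));
    exit;
}

// The form that issues the request must embed the matching nonce. Using POST
// instead of a GET link also means browsers' default SameSite=Lax handling
// withholds the session cookie on a cross-site top-level navigation.
function appointify_demo_delete_form($id) {
    $id = absint($id);
    ?>
    <form method="post" action="<?php echo esc_url(admin_url('admin-post.php')); ?>">
        <input type="hidden" name="action" value="appointify_demo_delete">
        <input type="hidden" name="id" value="<?php echo esc_attr($id); ?>">
        <?php wp_nonce_field('appointify_demo_delete_' . $id); ?>
        <?php submit_button(__('Delete appointment'), 'delete', 'submit', false); ?>
    </form>
    <?php
}
```

The nonce is tied to the object id as well as the action, so a token captured for one appointment cannot be replayed against another; WordPress nonces are also bound to the user and session token and rotate roughly every 12 to 24 hours, which limits the window in which a leaked token is useful.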
As of the publication date (2025-12-31), there is no indication of active exploitation of CVE-2025-59130, and no public proof-of-concept (PoC) code has been released. The vulnerability has been added to the NVD database. The EPSS score at publication is low (0.02%, 5th percentile).
Exploit Status
EPSS: 0.02% (5th percentile)
CISA SSVC: not listed
CVSS Vector: not listed
The primary mitigation for CVE-2025-59130 is to upgrade the Appointify plugin to 1.0.9 or later. A site operator cannot retrofit nonce checks into the plugin's own handlers without modifying its code, so if upgrading is not immediately feasible, the realistic interim options are: deactivate the plugin until it can be updated; reduce the number of accounts holding privileged roles and the time they spend logged in to wp-admin; and add a request-origin check, for example a must-use plugin or Web Application Firewall (WAF) rule that rejects authenticated state-changing requests whose Sec-Fetch-Site, Origin or Referer headers indicate a cross-site source. Do not rely on browsers' default SameSite=Lax cookie handling alone: it withholds cookies on cross-site POSTs but not on top-level cross-site GET navigations, so any action reachable through a GET link remains exploitable. Regularly review WordPress plugin security best practices to minimize the risk of future vulnerabilities.
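One way to implement the request-origin check described above as a WordPress must-use plugin, written as an added example for this advisory and not part of Appointify (the filename, function prefix and behaviour on missing headers are assumptions):

```php
<?php
/*
 * Plugin Name: Cross-site request guard (illustrative)
 * Added example for this advisory, not part of Appointify. Drop the file into
 * wp-content/mu-plugins/ (the filename and the csguard_ prefix are assumptions).
 * It refuses non-safe-method requests that arrive with an authenticated session
 * but whose fetch-metadata / Origin / Referer headers show a cross-site source.
 * Requests carrying none of those headers (server-to-server webhooks, very old
 * browsers) are allowed, so this is a mitigation, not a replacement for nonces.
 */

function csguard_header($name) {
    $key = 'HTTP_' . strtoupper(str_replace('-', '_', $name));
    return isset($_SERVER[$key]) ? trim($_SERVER[$key]) : '';
}

// Returns true when the current request should be refused.
function csguard_is_cross_site_request() {
    $method = strtoupper($_SERVER['REQUEST_METHOD'] ?? 'GET');
    if (in_array($method, ['GET', 'HEAD', 'OPTIONS'], true)) {
        return false; // safe methods are not covered; see the note below
    }
    // Fetch metadata (Chromium, Firefox, Safari): the browser itself states
    // how the requesting page relates to the target site.
    $site = strtolower(csguard_header('Sec-Fetch-Site'));
    if ($site !== '') {
        return $site === 'cross-site';
    }
    // Fall back to Origin, then Referer, compared against the site's own host.
    // An Origin of "null" (opaque origin, e.g. a sandboxed iframe or a POST
    // following a cross-origin redirect) is treated as cross-site.
    $home_host = strtolower((string) wp_parse_url(home_url(), PHP_URL_HOST));
    foreach (['Origin', 'Referer'] as $h) {
        $value = csguard_header($h);
        if ($value === '') {
            continue;
        }
        if ($value === 'null') {
            return true;
        }
        $host = strtolower((string) wp_parse_url($value, PHP_URL_HOST));
        return $host !== $home_host;
    }
    return false; // no origin information at all: cannot decide, allow
}

add_action('init', function () {
    // CSRF only matters when the browser carries an authenticated session;
    // unauthenticated requests (webhooks, public forms) are left alone.
    if (!is_user_logged_in()) {
        return;
    }
    if (csguard_is_cross_site_request()) {
        nocache_headers();
        wp_die('Cross-site request rejected.', 'Forbidden', ['response' => 403]);
    }
}, 0);
```

The guard deliberately covers only non-safe HTTP methods: a plugin action that changes state on a plain GET link (which CSRF can trigger through an image tag or a top-level navigation) would pass through it, so it narrows but does not close the exposure. The Origin/Referer fallback compares hosts exactly, so on sites where the admin area and the front end are served from different hostnames the home_url() comparison will need to be widened; Sec-Fetch-Site's same-site value already handles that case for modern browsers.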
A patched release (1.0.9) is available. If your deployment cannot be upgraded promptly, review the vulnerability's details in depth and apply mitigations based on your organization's risk tolerance; deactivating the affected plugin, or replacing it, is the safest interim option.
CVE-2025-59130 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Appointify versions 0.0.0–1.0.8, allowing attackers to perform unauthorized actions.
You are affected if you are using Appointify versions 0.0.0 through 1.0.8. Upgrade to a patched version as soon as possible.
Upgrade the Appointify plugin to 1.0.9 or later. If an immediate upgrade is not possible, deactivate the plugin or put an interim request-origin check in front of it until it can be updated.
As of the publication date, there is no evidence of active exploitation, but vigilance is still advised.
Refer to the Appointify plugin documentation and WordPress plugin repository for the latest security advisories and updates.