CVE-2025-22669: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability affects AwesomeTOGI Awesome Event Booking WordPress plugin in versions up to and including 2.7.5. The vulnerability was discovered by Kévin Mosbahi (Mika) and publicly disclosed on February 3, 2025. The issue has been assigned CVE-2025-22669 and has been fixed in version 2.8.0 (WPScan, Patchstack).

The vulnerability stems from missing or incorrect nonce validation on a function within the plugin. It has been classified as CWE-352 (Cross-Site Request Forgery) with a CVSS v3.1 Base Score of 4.3 (Medium) and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability falls under the OWASP Top 10 category A2: Broken Authentication and Session Management (WPScan, Patchstack).

This vulnerability allows unauthenticated attackers to perform unauthorized actions by tricking site administrators into performing specific actions, such as clicking on a malicious link. The impact is considered low to medium severity, primarily affecting the integrity of the system without compromising confidentiality or availability (Patchstack).

The recommended mitigation is to update the Awesome Event Booking plugin to version 2.8.0 or later, which contains the fix for this vulnerability. Site administrators using vulnerable versions should prioritize this update to prevent potential exploitation (Patchstack).