CVE-2025-57978: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability affects themespride Advanced Appointment Booking & Scheduling plugin through version 1.9. The vulnerability was discovered and reported by Nabil Irawan on July 23, 2025, and was publicly disclosed on September 22, 2025. The issue has been assigned CVE-2025-57978 and affects all versions of the Advanced Appointment Booking & Scheduling plugin up to and including version 1.9 (Patchstack).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue with a CVSS v3.1 base score of 4.3 (MEDIUM), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is tracked under CWE-352 (Cross-Site Request Forgery) and requires no authentication to exploit (Patchstack).

This vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. The severity is considered low, and the vulnerability is unlikely to be exploited (Patchstack).

As of the disclosure date, no official fix is available for this vulnerability. The issue affects versions up to and including 1.9, and no patched version has been released (Patchstack).