CVE-2025-7965: 
WordPress vulnerability analysis and mitigation

The CBX Restaurant Booking WordPress plugin through version 1.2.1 contains a Cross-Site Request Forgery (CSRF) vulnerability identified as CVE-2025-7965. The vulnerability was discovered and disclosed on August 11, 2025, affecting the plugin's settings update functionality. The vulnerability exists due to the absence of CSRF protection mechanisms when updating plugin settings (WPScan).

The vulnerability stems from the lack of CSRF protection in the plugin's settings update functionality. It has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability requires user interaction and can be exploited over the network without requiring privileges (AttackerKB).

If successfully exploited, the vulnerability allows attackers to modify the plugin's settings through a CSRF attack when an authenticated administrator visits a malicious page. This could lead to unauthorized changes to the restaurant booking system's configuration (WPScan).

Currently, there is no known fix available for this vulnerability. Site administrators should exercise caution when clicking on unknown links while logged into their WordPress dashboard (WPScan).