Reversing WordPress CVEs: Baby Steps


While searching for fun CVEs in Wordpress Plugins, CVE-2023–2834 caught our eye. The plugin Bookit was vulnerable to an Authentication Bypass. As per Patchstack, this was a CVSS 9.8 issue, meaning it was quite impactful! Hence, me and Arpeet Rathi decided to take a look.