The Bookit WordPress plugin before 2.5.1 has a publicly accessible REST endpoint that allows unauthenticated update of the plugins Stripe payment options.CreditsKhaled Alenazi (Nxploited)WPScanReferenceshttps://wpscan.com/vulnerability/60cb3d5f-1aa5-4858-ab84-07fe7c023fdd/
