Lucene search
K

10 matches found

Cvelist
Cvelist
added 10 hours ago6 views

CVE-2026-11990 KiviCare <= 4.4.0 - Missing Authorization to Unauthenticated Payment Bypass and Appointment Status Manipulation via /payment-success REST Endpoint

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS
Exploits0References12
Patchstack
Patchstack
added yesterday3 views

WordPress KiviCare – Clinic & Patient Management System (EHR) plugin <= 4.4.0 - Missing Authorization to Unauthenticated Payment Bypass and Appointment Status Manipulation vulnerability

Missing Authorization to Unauthenticated Payment Bypass and Appointment Status Manipulation vulnerability discovered by Niv Kochan in WordPress Plugin KiviCare versions = 4.4.0...

5.3CVSS6.1AI score
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/15 7:10 a.m.11 views

CVE-2026-1932

The Appointment Booking Calendar Plugin – Bookr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update-appointment REST API endpoint in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers t...

5.3CVSS5.5AI score0.00284EPSS
Exploits0References1
NVD
NVD
added 2026/02/14 6:16 a.m.9 views

CVE-2026-1932

The Appointment Booking Calendar Plugin – Bookr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update-appointment REST API endpoint in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers t...

5.3CVSS0.00284EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/14 5:54 a.m.6 views

CVE-2026-1932

The Appointment Booking Calendar Plugin – Bookr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update-appointment REST API endpoint in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers t...

5.3CVSS5.5AI score0.00284EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/14 5:54 a.m.3 views

CVE-2026-1932 Appointment Booking Calendar Plugin <= 1.0.2 - Missing Authorization to Unauthenticated Arbitrary Appointment Status Modification

The Appointment Booking Calendar Plugin – Bookr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update-appointment REST API endpoint in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers t...

5.3CVSS5.5AI score0.00284EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/14 5:54 a.m.31 views

CVE-2026-1932 Appointment Booking Calendar Plugin <= 1.0.2 - Missing Authorization to Unauthenticated Arbitrary Appointment Status Modification

The Appointment Booking Calendar Plugin – Bookr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update-appointment REST API endpoint in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers t...

5.3CVSS0.00284EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/14 12:0 a.m.8 views

WordPress plugin Bookr 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00284EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.8 views

PT-2026-8057

The Appointment Booking Calendar Plugin – Bookr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update-appointment REST API endpoint in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers t...

5.3CVSS5.5AI score0.00284EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/06/26 7:39 a.m.4 views

WordPress Bookster plugin < 1.2.0 - Unauthenticated Appointment Status Update vulnerability

Unauthenticated Appointment Status Update vulnerability discovered by Roshan Cheriyan in WordPress Plugin Bookster versions 1.2.0...

6.5CVSS7AI score0.004EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder