27 matches found
CVE-2026-1920
CVE-2026-1920 affects the WordPress plugin Booktics (Booking Calendar for Appointments and Service Businesses) up to version 1.0.16. The root cause is a missing capability check in Extension_Controller::update_item_permissions_check, allowing unauthenticated attackers to install addon plugins and...
CVE-2026-1919 Booktics <= 1.0.16 - Missing Authorization to Get Items via REST API endpoints
The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated...
CVE-2026-1919
Booktics (WordPress plugin) up to version 1.0.16 is affected by missing capability checks on multiple REST API endpoints, enabling unauthenticated access to sensitive data. Affected component: Booktics REST endpoints; root cause: insufficient authorization checks. Impact: unauthorized queries of ...
CVE-2026-1920 Booktics <= 1.0.16 - Missing Authorization to Addon Plugin Installation
The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ExtensionController::updateitempermissionscheck' function in all versions up to, and including, 1.0.16. This...
CVE-2026-1920
The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ExtensionController::updateitempermissionscheck' function in all versions up to, and including, 1.0.16. This...
CVE-2026-1919 Booktics <= 1.0.16 - Missing Authorization to Get Items via REST API endpoints
The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated...
WordPress plugin Booking Calendar for Appointments and Service Businesses – Booktics 访问控制错误漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...