Lucene search
K

27 matches found

CVE
CVE
added 2026/03/10 2:21 a.m.9 views

CVE-2026-1920

CVE-2026-1920 affects the WordPress plugin Booktics (Booking Calendar for Appointments and Service Businesses) up to version 1.0.16. The root cause is a missing capability check in Extension_Controller::update_item_permissions_check, allowing unauthenticated attackers to install addon plugins and...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/10 2:21 a.m.5 views

CVE-2026-1919 Booktics <= 1.0.16 - Missing Authorization to Get Items via REST API endpoints

The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated...

5.3CVSS5.8AI score0.00261EPSS
Exploits0References6
CVE
CVE
added 2026/03/10 2:21 a.m.14 views

CVE-2026-1919

Booktics (WordPress plugin) up to version 1.0.16 is affected by missing capability checks on multiple REST API endpoints, enabling unauthenticated access to sensitive data. Affected component: Booktics REST endpoints; root cause: insufficient authorization checks. Impact: unauthorized queries of ...

5.3CVSS5.8AI score0.00261EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/10 2:21 a.m.2 views

CVE-2026-1920 Booktics <= 1.0.16 - Missing Authorization to Addon Plugin Installation

The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ExtensionController::updateitempermissionscheck' function in all versions up to, and including, 1.0.16. This...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/10 2:21 a.m.4 views

CVE-2026-1920

The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ExtensionController::updateitempermissionscheck' function in all versions up to, and including, 1.0.16. This...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/10 2:21 a.m.26 views

CVE-2026-1919 Booktics <= 1.0.16 - Missing Authorization to Get Items via REST API endpoints

The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated...

5.3CVSS0.00261EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.5 views

WordPress plugin Booking Calendar for Appointments and Service Businesses – Booktics 访问控制错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References4
Rows per page
Query Builder