CVE-2026-11866
The CVE affects the WordPress Appointment Booking Plugin (before 5.6.3). The root cause is missing CSRF nonce validation on several state-changing actions handled by the central request dispatcher, enabling Cross-Site Request Forgery against an authenticated administrator. This allows privileged ...