13 matches found
CVE-2026-39585 WordPress Booktics plugin <= 1.0.16 - Broken Access Control vulnerability
Missing Authorization vulnerability in Arraytics Booktics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booktics: from n/a through 1.0.16...
CVE-2026-39585 WordPress Booktics plugin <= 1.0.16 - Broken Access Control vulnerability
Missing Authorization vulnerability in Arraytics Booktics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booktics: from n/a through 1.0.16...
CVE-2026-39585
The CVE-2026-39585 entry concerns the WordPress Booktics plugin, version range from unknown up to and including 1.0.16, described as a Missing Authorization vulnerability due to incorrectly configured access control. The vulnerability affects Booktics components (booktics) and is characterized by...
WordPress plugin Booktics security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-1920
The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'Extension_Controller::update_item_permissions_check' function in all versions up to, and including, 1.0.16. This...
CVE-2026-1919
The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated...
WordPress Booktics plugin <= 1.0.16 - Missing Authorization to Get Items via REST API endpoints vulnerability
Missing Authorization to Get Items via REST API endpoints vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Booktics versions <= 1.0.16...
CVE-2026-1920
The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'Extension_Controller::update_item_permissions_check' function in all versions up to, and including, 1.0.16. This...
CVE-2026-1919 Booktics <= 1.0.16 - Missing Authorization to Get Items via REST API endpoints
The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated...
CVE-2026-1919 Booktics <= 1.0.16 - Missing Authorization to Get Items via REST API endpoints
The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated...
CVE-2026-1920 Booktics <= 1.0.16 - Missing Authorization to Addon Plugin Installation
The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'Extension_Controller::update_item_permissions_check' function in all versions up to, and including, 1.0.16. This...
CVE-2026-1920
CVE-2026-1920 affects the WordPress plugin Booktics (Booking Calendar for Appointments and Service Businesses) up to version 1.0.16. The root cause is a missing capability check in Extension_Controller::update_item_permissions_check, allowing unauthenticated attackers to install addon plugins and...
CVE-2026-1919
Booktics (WordPress plugin) up to version 1.0.16 is affected by missing capability checks on multiple REST API endpoints, enabling unauthenticated access to sensitive data. Affected component: Booktics REST endpoints; root cause: insufficient authorization checks. Impact: unauthorized queries of ...