CVE-2026-3576
CVE-2026-3576 affects the Planyo Online Reservation System plugin for WordPress (versions up to 3.0). The flaw is an unauthenticated Server-Side Request Forgery via the ulap_url AJAX proxy (ulap.php). The allowlist checks a host (e.g., localhost) but does not validate the URL scheme, allowing a c...