Lucene search
K

7 matches found

Vulnrichment
Vulnrichment
added 2026/05/12 7:48 a.m.6 views

CVE-2026-5693 Smart Appointment & Booking <= 1.0.8 - Missing Authorization to Unauthenticated Arbitrary Booking Cancellation

The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saabcancelbooking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR,...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/18 3:37 a.m.33 views

CVE-2026-1926 Subscriptions for WooCommerce <= 1.9.2 - Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation

The Subscriptions for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpssfwadmincancelsusbcription function in all versions up to, and including, 1.9.2. This is due to the function being hooked to the init action withou...

5.3CVSS0.00307EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/03/18 2:24 a.m.5 views

WordPress Subscriptions for WooCommerce plugin <= 1.9.2 - Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation vulnerability

Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation vulnerability discovered by shrikant bhosale in WordPress Plugin Subscriptions for WooCommerce versions = 1.9.2...

5.3CVSS5.8AI score0.00307EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/01/24 7:26 a.m.18 views

CVE-2025-14843

The CVE CVE-2025-14843 affects Wizit Gateway for WooCommerce (WordPress) and is reported as Unauthenticated Arbitrary Order Cancellation in all versions up to 1.2.9. The root cause is missing authentication/authorization checks in the handle_checkout_redirecturl_response function, enabling unauth...

5.3CVSS5.7AI score0.00299EPSS
Exploits0References2
CVE
CVE
added 2025/11/11 11:3 a.m.15 views

CVE-2025-12787

CVE-2025-12787 affects Hydra Booking — Appointment Scheduling & Booking Calendar (WordPress) up to version 1.1.27, allowing unauthenticated cancellation of arbitrary bookings. The root cause is insufficiently random cancellation tokens combined with a globally shared nonce in the tfhb_meeting_for...

5.3CVSS5.7AI score0.0026EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/11 11:3 a.m.10 views

CVE-2025-12787 Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Unauthenticated Arbitrary Booking Cancellation via Weak Hash Generation

The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to unauthorized booking cancellation in all versions up to, and including, 1.1.27. This is due to the plugin's "tfhbmeetingformsubmitcallback" function using insufficiently random values to generate...

5.3CVSS0.0026EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/06/26 11:21 p.m.3 views

SUSE CVE-2025-52894

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of...

7.5CVSS6.8AI score0.00331EPSS
Exploits0References3
Rows per page
Query Builder