7 matches found
CVE-2026-5693 Smart Appointment & Booking <= 1.0.8 - Missing Authorization to Unauthenticated Arbitrary Booking Cancellation
The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saabcancelbooking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR,...
CVE-2026-1926 Subscriptions for WooCommerce <= 1.9.2 - Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation
The Subscriptions for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpssfwadmincancelsusbcription function in all versions up to, and including, 1.9.2. This is due to the function being hooked to the init action withou...
WordPress Subscriptions for WooCommerce plugin <= 1.9.2 - Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation vulnerability
Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation vulnerability discovered by shrikant bhosale in WordPress Plugin Subscriptions for WooCommerce versions = 1.9.2...
CVE-2025-14843
The CVE CVE-2025-14843 affects Wizit Gateway for WooCommerce (WordPress) and is reported as Unauthenticated Arbitrary Order Cancellation in all versions up to 1.2.9. The root cause is missing authentication/authorization checks in the handle_checkout_redirecturl_response function, enabling unauth...
CVE-2025-12787
CVE-2025-12787 affects Hydra Booking — Appointment Scheduling & Booking Calendar (WordPress) up to version 1.1.27, allowing unauthenticated cancellation of arbitrary bookings. The root cause is insufficiently random cancellation tokens combined with a globally shared nonce in the tfhb_meeting_for...
CVE-2025-12787 Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Unauthenticated Arbitrary Booking Cancellation via Weak Hash Generation
The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to unauthorized booking cancellation in all versions up to, and including, 1.1.27. This is due to the plugin's "tfhbmeetingformsubmitcallback" function using insufficiently random values to generate...
SUSE CVE-2025-52894
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of...