CVE-2026-5693 Smart Appointment & Booking <= 1.0.8 - Missing Authorization to Unauthenticated Arbitrary Booking Cancellation

The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saabcancelbooking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR,...

EUVD-2025-84362

The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to unauthorized booking cancellation in all versions up to, and including, 1.1.27. This is due to the plugin's "tfhbmeetingformsubmitcallback" function using insufficiently random values to generate...

CVE-2021-21670

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read permission...

[Full-disclosure] WMH AutoPilot: Unauthorized hosting account cancellation request

Title: WMH AutoPilot: Unauthorized hosting account cancellation request Access: Remote Product: WHM AutoPilot http://www.whmautopilot.com Severity: Moderately Low Synopsis: A vulnerability has been identified that allows the unauthorized filing of hosting account cancellation requests. Vulnerable...