CVE-2026-27428

CVE-2026-27428 affects the WordPress plugin Eagle Booking (Eagle Booking) up to version ≤1.3.4.3. The issue is an SQL Injection caused by improper neutralization of input in the plugin, enabling unauthorized SQL execution when exploited. The vulnerability is reported as requiring an authenticated...

CVE-2025-68976 WordPress Eagle Booking plugin <= 1.3.4.3 - Settings Change vulnerability

Missing Authorization vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eagle Booking: from n/a through = 1.3.4.3...

CVE-2025-68976

CVE-2025-68976 is a Missing Authorization vulnerability in the WordPress plugin Eagle Booking (Eagle Booking) up to version 1.3.4.3. Multiple sources (NVD/Red Hat/CIRCL feed etc.) describe it as an authenticated vulnerability allowing a settings change due to incorrectly configured access control...

CVE-2025-68975 WordPress Eagle Booking plugin <= 1.3.4.3 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eagle Booking: from n/a through = 1.3.4.3...

CVE-2025-68975

CVE-2025-68975 concerns the WordPress Eagle Booking plugin (Eagle Booking) versions up to and including 1.3.4.3. Multiple connected sources describe an Insecure Direct Object References (IDOR) / authorization bypass when using a user-controlled key, allowing bypass of access controls. The NVD ent...

WordPress Eagle Booking plugin <= 1.3.4.3 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Bonds in WordPress Plugin Eagle Booking versions = 1.3.4.3...