CVE-2026-1919 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capab…
Medium CVSS: 5.3

CVE-2026-1919

The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated attackers to query sensitive data.
Vendor
-
Product
-
CWE
CWE-306
Yayın Tarihi
2026-03-10 17:32:45
Güncelleme
2026-03-11 13:53:47
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-306 MEDIUM 2026

Referanslar

https://plugins.trac.wordpress.org/browser/booktics/tags/1.0.15/core/appointment/controllers/appointment-controller.php#L549 https://plugins.trac.wordpress.org/browser/booktics/tags/1.0.15/core/customer/controllers/customer-controller.php#L229 https://plugins.trac.wordpress.org/browser/booktics/tags/1.0.15/core/order/controllers/order-controller.php#L889 https://plugins.trac.wordpress.org/browser/booktics/tags/1.0.15/core/team-member/controllers/team-member-controller.php#L235 https://plugins.trac.wordpress.org/changeset/3477898/booktics https://www.wordfence.com/threat-intel/vulnerabilities/id/c88dcf62-4b6c-4ff0-8530-5aefd54bd347?source=cve