CVE-2026-27389

Critical CVSS: 9.8

Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.1.

Vendor

Product

CWE

CWE-288

Yayın Tarihi

2026-03-05 06:16:28

Güncelleme

2026-03-09 16:16:20

Source Identifier

audit@patchstack.com

KEV Date Added

Kategoriler

CWE-288 CRITICAL 2026

Referanslar

https://patchstack.com/database/Wordpress/Plugin/wedesigntech-ultimate-booking-addon/vulnerability/wordpress-wedesigntech-ultimate-booking-addon-plugin-1-0-1-account-takeover-vulnerability-2?_s_id=cve