CVE-2026-12393
Vulnerability Description
The WPS Bookings for WooCommerce WordPress plugin before 3.11.7 does not verify that a booking order belongs to the requesting user before cancelling it, allowing any authenticated user, such as a Subscriber or Customer, to cancel and void other customers' booking orders.
Vulnerability Details
Published Date
Last Modified
Source
NVD
Vendor
Unknown
Product
WPS Bookings for WooCommerce
Discussion (0)
Add Comment
No comments yet. Be the first!