Back to CVE List

CVE-2026-12393

Vulnerability Description

The WPS Bookings for WooCommerce WordPress plugin before 3.11.7 does not verify that a booking order belongs to the requesting user before cancelling it, allowing any authenticated user, such as a Subscriber or Customer, to cancel and void other customers' booking orders.

Vulnerability Details

Published Date
Last Modified
Source
NVD
Vendor
Unknown
Product
WPS Bookings for WooCommerce

External References

Discussion (0)

Add Comment

No comments yet. Be the first!