CVE-2026-1704 | croixhaug Appointment Booking Calendar Plugin up to 1.6.9.29 on WordPress get_item_permissions_check ID authorization

Inserito da Angelo Barbosa | Mar 13, 2026 | CVE

A vulnerability was found in croixhaug Appointment Booking Calendar Plugin up to 1.6.9.29 on WordPress. It has been rated as problematic. The impacted element is the function get_item_permissions_check. The manipulation of the argument ID leads to authorization bypass.

This vulnerability is traded as CVE-2026-1704. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2026-1704 | croixhaug Appointment Booking Calendar Plugin up to 1.6.9.29 on WordPress get_item_permissions_check ID authorization

Post correlati

CVE-2025-3395 | ABB Automation Builder up to 2.8.0 permission assignment

CVE-2025-27889 | wftpserver Wing FTP Server up to 7.4.3 Parameter downloadpass.html url external control of system or configuration setting

CVE-2025-21413 | Microsoft Windows up to Server 2025 Telephony Service heap-based overflow

CVE-2023-6755 | DedeBIZ 6.2 content_batchup_action.php endid sql injection