A vulnerability marked as problematic has been reported in xtreeme Planyo Online Reservation System Plugin up to 3.0 on WordPress. Impacted is the function
send_http_post of the file ulap.php of the component AJAX Proxy. Performing a manipulation of the argument url results in improper input validation.
This vulnerability is known as CVE-2026-3576. Remote exploitation of the attack is possible. No exploit is available.