CVE-2026-7493 | croixhaug Appointment Booking Calendar Plugin up to 1.6.11.5 on WordPress REST API Endpoint /wp-json/ssa/v1/async sleep resource consumption

Inserito da Angelo Barbosa | Mag 27, 2026 | CVE

A vulnerability classified as problematic has been found in croixhaug Appointment Booking Calendar Plugin up to 1.6.11.5 on WordPress. The affected element is the function sleep of the file /wp-json/ssa/v1/async of the component REST API Endpoint. This manipulation causes resource consumption.

This vulnerability appears as CVE-2026-7493. The attack may be initiated remotely. There is no available exploit.

It is recommended to upgrade the affected component.

CVE-2026-7493 | croixhaug Appointment Booking Calendar Plugin up to 1.6.11.5 on WordPress REST API Endpoint /wp-json/ssa/v1/async sleep resource consumption

Post correlati

CVE-2025-6020 | Linux-PAM up to 1.7.0 pam_namespace path traversal

CVE-2026-1081 | Set Bulk Post Categories Plugin up to 1.1 on WordPress cross-site request forgery

CVE-2025-11155 | SATO S86-ex 203dpi 61.00.00.09 weak encoding for password

CVE-2026-1581 | wpForo Forum Plugin up to 2.4.14 on WordPress wpfob sql injection