CVE-2026-9721 | chuhpl Book a Room Event Calendar Plugin up to 1.9 on WordPress Setting settings_form action cross-site request forgery

Inserito da Angelo Barbosa | Giu 24, 2026 | CVE

A vulnerability was found in chuhpl Book a Room Event Calendar Plugin up to 1.9 on WordPress. It has been rated as problematic. This affects the function settings_form of the component Setting Handler. The manipulation of the argument action leads to cross-site request forgery.

This vulnerability is referenced as CVE-2026-9721. Remote exploitation of the attack is possible. No exploit is available.

Applying a patch is the recommended action to fix this issue.

CVE-2026-9721 | chuhpl Book a Room Event Calendar Plugin up to 1.9 on WordPress Setting settings_form action cross-site request forgery

Post correlati

CVE-2025-22890 | Humming Heads Defense Platform Home Edition up to 3.9.51.x unnecessary privileges

CVE-2024-48872 | Mattermost up to 9.5.12/9.11.4/10.0.2/10.1.2 race condition

CVE-2025-6959 | Campcodes Employee Management System 1.0 /eloginwel.php ID sql injection

CVE-2025-53253 | Josh WP Edit Plugin up to 4.0.4 on WordPress cross site scripting