CVE-2026-32384

Name of the Vulnerable Software and Affected Versions WpBookingly versions n/a through 1.2.9

Description The software contains an improper control of filename for include/require statement, leading to a PHP local file inclusion issue. This allows for the inclusion of local PHP files. The vulnerability exists due to insufficient validation of filenames used in include/require operations within the PHP program. No information is available regarding the number of potentially affected devices or any real-world exploitation incidents. The vulnerable component involves the use of include or require statements with improperly sanitized filenames.

Recommendations Update WpBookingly to a version newer than 1.2.9.