PT-2026-24175 · WordPress · Booktics
Kazuma Matsumoto · Published 2026-03-10 · Updated 2026-03-10 · CVE-2026-1920
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Booktics versions prior to 1.0.17
Description
The Booktics plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to a missing capability check within the `Extension_Controller::update_item_permissions_check` function. An unauthenticated attacker can exploit this to install addon plugins.
Recommendations
Update the Booktics plugin to version 1.0.17 or later.
Fix
Missing Authentication
Affected Products
Booktics