PT-2026-5502 · WordPress · Booking Calendar
Published
2026-01-31
·
Updated
2026-01-31
·
CVE-2026-1431
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Booking Calendar versions prior to 10.14.13
Description
The Booking Calendar plugin for WordPress is susceptible to unauthorized data access. This is due to a missing capability check within the
wpbc ajax WPBC FLEXTIMELINE NAV() function. This allows unauthenticated attackers to retrieve booking information, potentially including customer names, phone numbers, and email addresses.Recommendations
Update to a version newer than 10.14.13.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Booking Calendar