Igms Direct Booking

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-39652 MEDIUM This Month

Missing authorization in iGMS Direct Booking WordPress plugin versions 1.3 and earlier allows unauthenticated remote attackers to access sensitive information through incorrectly configured access control, affecting confidentiality but not integrity or availability. The vulnerability carries a CVSS score of 5.3 with network-based remote access and no authentication required, though EPSS exploitation probability is very low at 0.02% percentile, suggesting minimal real-world threat despite the authorization flaw.

Authentication Bypass Igms Direct Booking

NVD

CVSS 3.1

5.3

EPSS

0.0%

CVE-2026-39652

EPSS 0% CVSS 5.3

MEDIUM This Month

Missing authorization in iGMS Direct Booking WordPress plugin versions 1.3 and earlier allows unauthenticated remote attackers to access sensitive information through incorrectly configured access control, affecting confidentiality but not integrity or availability. The vulnerability carries a CVSS score of 5.3 with network-based remote access and no authentication required, though EPSS exploitation probability is very low at 0.02% percentile, suggesting minimal real-world threat despite the authorization flaw.

Authentication Bypass Igms Direct Booking

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy