Skip to main content

Taxi Booking Manager For Woocommerce

1 CVEs product

Monthly

CVE-2026-25426 MEDIUM This Month

Unauthenticated broken access control in Magepeople Inc.'s Taxi Booking Manager for WooCommerce plugin (versions up to and including 2.0.1) exposes limited information to remote attackers without requiring any credentials or user interaction. The plugin fails to enforce proper authorization checks on one or more endpoints, classified under CWE-862 (Missing Authorization), allowing unauthenticated network requests to access functionality or data that should be restricted. No active exploitation is confirmed (not in CISA KEV) and EPSS stands at 0.03%, indicating low observed exploitation probability at time of analysis.

Authentication Bypass WordPress Taxi Booking Manager For Woocommerce
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthenticated broken access control in Magepeople Inc.'s Taxi Booking Manager for WooCommerce plugin (versions up to and including 2.0.1) exposes limited information to remote attackers without requiring any credentials or user interaction. The plugin fails to enforce proper authorization checks on one or more endpoints, classified under CWE-862 (Missing Authorization), allowing unauthenticated network requests to access functionality or data that should be restricted. No active exploitation is confirmed (not in CISA KEV) and EPSS stands at 0.03%, indicating low observed exploitation probability at time of analysis.

Authentication Bypass WordPress Taxi Booking Manager For Woocommerce
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy