Skip to main content

Wps Bookings For Woocommerce

1 CVEs product

Monthly

CVE-2026-12393 MEDIUM POC PATCH This Month

The WPS Bookings for WooCommerce WordPress plugin before 3.11.7 does not verify that a booking order belongs to the requesting user before cancelling it, allowing any authenticated user, such as a Subscriber or Customer, to cancel and void other customers' booking orders.

WordPress Wps Bookings For Woocommerce Authentication Bypass
NVD WPScan VulDB
CVSS 3.1
5.4
EPSS
0.1%
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

The WPS Bookings for WooCommerce WordPress plugin before 3.11.7 does not verify that a booking order belongs to the requesting user before cancelling it, allowing any authenticated user, such as a Subscriber or Customer, to cancel and void other customers' booking orders.

WordPress Wps Bookings For Woocommerce Authentication Bypass
NVD WPScan VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy