CVE Catalog

CVE-2026-27409

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

The Webba Booking WordPress plugin contains a missing authorization vulnerability that allows exploiting incorrectly configured access control security levels. This issue affects versions from n/a through 6.4.13.

Risk Assessment

An attacker may gain unauthorized access to administrative functions or booking data, potentially leading to a breach of confidentiality and integrity of the booking system.

Recommendation

It is recommended to immediately update the Webba Booking plugin to the latest available version that fixes this vulnerability. Also review the access control configuration.

Original NVD description (English source)

Missing Authorization vulnerability in Webba Plugins Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 6.4.13.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS