CVE Catalog
CVE-2026-57746
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk0.24%
14th percentile — higher than 14% of all known CVEs
Summary
The Booked plugin version 3.0.0 and earlier contains a broken access control vulnerability exploitable by subscribers. A subscriber can gain unauthorized access to functions intended for higher roles.
Risk Assessment
The risk involves privilege escalation by a subscriber, potentially leading to unauthorized access to sensitive data or administrative functions.
Recommendation
It is recommended to immediately update the Booked plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Subscriber Broken Access Control in Booked <= 3.0.0 versions.

