Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Booktics plugin for WordPress allows unauthorized data changes
CVE-2026-1920
Summary
The Booktics plugin for WordPress is missing a security check, which allows attackers to install new plugins without permission. This means that unauthorized users can make changes to the plugin's settings and data. To protect your site, update the Booktics plugin to the latest version.
Original title
The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'Extension_C...
Original description
The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'Extension_Controller::update_item_permissions_check' function in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated attackers to install addon plugins.
nvd CVSS3.1
5.3
Vulnerability type
CWE-306
Missing Authentication for Critical Function
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026