WeDesignTech Ultimate Booking Addon: Unauthorized Access to Accounts

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.8

WeDesignTech Ultimate Booking Addon: Unauthorized Access to Accounts

CVE-2026-27390

Summary

A weakness in the WeDesignTech Ultimate Booking Addon for certain versions allows attackers to bypass normal login procedures, potentially gaining access to user accounts. This is concerning because it could lead to unauthorized actions within the affected system. We recommend updating to the latest version of the Addon to mitigate this risk.

Original title

Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue...

Original description

Vulnerability type

CWE-288 Authentication Bypass Using Alternate Path

https://patchstack.com/database/Wordpress/Plugin/wedesigntech-ultimate-booking-a...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026