Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
WeDesignTech Ultimate Booking Addon: Unsecured Alternate Authentication Route
CVE-2026-27389
Summary
The WeDesignTech Ultimate Booking Addon has a security weakness that allows attackers to bypass its usual login process. This means that unauthorized users may be able to access the addon's features without providing the correct login credentials. To stay safe, update to the latest version of the addon (1.0.2 or higher) as soon as possible.
Original title
Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue...
Original description
Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.1.
Vulnerability type
CWE-288
Authentication Bypass Using Alternate Path
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026