Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Booktics plugin for WordPress exposes sensitive data to unauthorized users
CVE-2026-1919
Summary
The Booktics plugin for WordPress allows anyone to access sensitive information without needing a password. This means hackers could see confidential data. Update to the latest version to fix this issue.
Original title
The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple REST API endp...
Original description
The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated attackers to query sensitive data.
nvd CVSS3.1
5.3
Vulnerability type
CWE-306
Missing Authentication for Critical Function
- https://plugins.trac.wordpress.org/browser/booktics/tags/1.0.15/core/appointment...
- https://plugins.trac.wordpress.org/browser/booktics/tags/1.0.15/core/customer/co...
- https://plugins.trac.wordpress.org/browser/booktics/tags/1.0.15/core/order/contr...
- https://plugins.trac.wordpress.org/browser/booktics/tags/1.0.15/core/team-member...
- https://plugins.trac.wordpress.org/changeset/3477898/booktics
- https://www.wordfence.com/threat-intel/vulnerabilities/id/c88dcf62-4b6c-4ff0-853...
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026