CVE Catalog

CVE-2026-57746

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

14th percentile — higher than 14% of all known CVEs

Summary

The Booked plugin version 3.0.0 and earlier contains a broken access control vulnerability exploitable by subscribers. A subscriber can gain unauthorized access to functions intended for higher roles.

Risk Assessment

The risk involves privilege escalation by a subscriber, potentially leading to unauthorized access to sensitive data or administrative functions.

Recommendation

It is recommended to immediately update the Booked plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Subscriber Broken Access Control in Booked <= 3.0.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS