Access Control Flaw in Webba Booking by Webba Plugins
CVE-2026-27409
5.3MEDIUM
What is CVE-2026-27409?
The Webba Booking plugin by Webba Plugins is susceptible to a missing authorization vulnerability, allowing attackers to exploit improperly configured access control security levels. This flaw impacts all versions of the plugin up to and including 6.4.13, potentially permitting unauthorized users to access restricted functionalities and data. Consequently, it heightens the risk of misuse and data breaches. It is crucial for users of this plugin to review and implement proper access controls to mitigate the risks associated with this vulnerability.
Affected Version(s)
Webba Booking <= 6.4.13