Unauthenticated Access Issue in Booking Package by WordPress
CVE-2026-40774
7.5HIGH
What is CVE-2026-40774?
The Booking Package plugin versions up to 1.7.06 for WordPress is affected by an unauthenticated broken access control vulnerability. This flaw allows attackers to exploit improperly validated user permissions, potentially granting unauthorized access to sensitive features and data. Website administrators are encouraged to review and mitigate risks associated with this vulnerability by updating to secure versions.
Affected Version(s)
Booking Package <= 1.7.06