Missing Authorization Vulnerability in Themefic Hydra Booking Plugin
CVE-2026-42675

7.3 HIGH

Key Information:

Vendor: WordPress
CVE Published: 1 June 2026

What is CVE-2026-42675?

A missing authorization vulnerability has been identified in the Themefic Hydra Booking plugin. Incorrectly configured access control security levels allow unauthorized users to carry out actions without proper authentication, which puts sensitive data and overall platform integrity at risk. All versions up to and including 1.1.41 are affected, so installations should be patched and secured promptly.

Affected Version(s)

Hydra Booking <= 1.1.41

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

raihan adi arba | Patchstack Bug Bounty Program