Cross Site Request Forgery Vulnerability in Booked Plugin by WordPress
CVE-2026-57747

6.5MEDIUM

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
2 July 2026

What is CVE-2026-57747?

The Booked plugin for WordPress is susceptible to an unauthenticated Cross Site Request Forgery (CSRF) vulnerability in versions up to 3.0.0. This allows attackers to perform unauthorized actions on behalf of a user without their consent. Users of affected versions should implement security measures to mitigate potential exploitation and ensure their applications remain secure.

Affected Version(s)

Booked <= 3.0.0

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Phat RiO | Patchstack Bug Bounty Program
.