CVE ID :CVE-2026-5693
Published : May 12, 2026, 7:48 a.m. | 42 minutes ago
Description :The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saab_cancel_booking() function in all versions up to, and including, 1.0.8. The nonce check uses && (AND) instead of || (OR), which means providing any value for the security parameter causes the entire check to be skipped. This makes it possible for unauthenticated attackers to cancel arbitrary bookings by supplying a predictable booking ID.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…