Fluent Booking WordPress Plugin Missing Authorization Vulnerability in Calendar Management

Vulnerability

A vulnerability exists in the Fluent Booking plugin for WordPress, allowing unauthorized calendar import and management. This issue arises from a missing capability check in the 'importCalendar' function, affecting all versions up to and including 1.9.11. Authenticated attackers with subscriber-level access or higher can exploit this vulnerability to import arbitrary calendars and manage them.

Impact

Exploitation of this vulnerability allows unauthorized users to import and manage calendars, potentially leading to misuse of scheduling and event management features.

Remediation

Users are advised to update the Fluent Booking plugin to version 1.10.0 or a newer patched version.
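An added example, not taken from the advisory or from the plugin's code, for checking an installed copy against the affected range above. The fixed version 1.10.0 sorts before 1.9.11 under plain string comparison, so the check compares version components as integers. The sample header is constructed, and reading the `Version:` field from the plugin's main PHP file follows the standard WordPress plugin header convention.

```python
import re

# From the advisory: all versions up to and including 1.9.11 are affected.
LAST_AFFECTED = "1.9.11"

# Constructed sample of a plugin main-file header (not copied from the plugin).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Fluent Booking
 * Version: 1.9.11
 */
"""

def header_version(php_source):
    """Return the 'Version:' header field from the file's first 8 KB, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", php_source[:8192],
                  re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None

def version_key(version):
    """Turn '1.10.0' into (1, 10, 0) so components compare as integers."""
    key = []
    for piece in version.strip().split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            raise ValueError(f"unparseable version component: {piece!r}")
        key.append(int(digits.group()))
    return tuple(key)

def is_affected(version):
    """True if version <= LAST_AFFECTED, padding so that 1.9 equals 1.9.0."""
    a, b = version_key(version), version_key(LAST_AFFECTED)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a <= b

def audit(php_source):
    """Classify a plugin main file as 'affected', 'patched' or 'unknown'."""
    version = header_version(php_source)
    if version is None:
        return "unknown"
    return "affected" if is_affected(version) else "patched"

if __name__ == "__main__":
    print(audit(SAMPLE_HEADER))
```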

Added: Dec 3, 2025, 2:17 PM
Updated: Dec 3, 2025, 2:17 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 5.9
remediation: 7.7
relevance: 1.3
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.