Booking Calendar WordPress Plugin Data Exposure Vulnerability

Vulnerability

A vulnerability in the Booking Calendar plugin for WordPress allows unauthorized data access. This issue arises from a missing capability check in the wpbc_ajax_WPBC_FLEXTIMELINE_NAV() function, affecting all versions up to and including 10.14.13. As a result, unauthenticated attackers can retrieve booking details, including customer names, phone numbers, and email addresses.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive booking information, including customer contact details.

Added: Jan 31, 2026, 5:18 AM

Updated: Jan 31, 2026, 5:18 AM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

9.0

remediation

0.0

relevance

2.4

threat

3.2

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

9.0

remediation

0.0

relevance

2.4

threat

3.2

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Booking Calendar WordPress Plugin Data Exposure Vulnerability

Vulnerability

Impact

Affected Products

Booking Calendar

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating