WordPress Booktics Plugin Data Exposure Vulnerability

Vulnerability

A vulnerability in the Booking Calendar for Appointments and Service Businesses - Booktics plugin for WordPress allows unauthorized data access. This issue arises from a lack of proper capability checks on several REST API endpoints, affecting all versions up to and including 1.0.16. As a result, unauthenticated attackers can retrieve sensitive information.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive data, such as customer information and appointment details.

Reproduction

The vulnerability can be reproduced by sending a request to the affected REST API endpoints without authentication. The missing capability checks allow for the unauthorized retrieval of sensitive data.

Remediation

Users are advised to update the Booktics plugin to version 1.0.17 or later, where this vulnerability has been addressed.
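The class of flaw described above, a REST route registered without an effective capability check, shown beside a hardened registration. This is an added example, not code from the Booktics plugin: the `example-booking/v1` namespace, both routes, the handler and the choice of the `manage_options` capability are assumptions made for illustration.

```php
<?php
// Added illustration; namespace, routes and handler are hypothetical,
// not taken from the Booktics source.

// Hypothetical handler returning booking records (constructed sample data).
function example_get_appointments( WP_REST_Request $request ) {
    return rest_ensure_response( array(
        array( 'id' => 1, 'customer' => 'Constructed Name', 'slot' => '2026-01-01 10:00' ),
    ) );
}

// Capability check run by the REST server before the handler.
// 'manage_options' is an assumed capability; a plugin may define its own.
function example_can_read_appointments( WP_REST_Request $request ) {
    if ( current_user_can( 'manage_options' ) ) {
        return true;
    }
    // 401 for anonymous callers, 403 for logged-in users lacking the capability.
    return new WP_Error(
        'rest_forbidden',
        'You are not allowed to view appointments.',
        array( 'status' => rest_authorization_required_code() )
    );
}

add_action( 'rest_api_init', function () {
    // WEAK: the permission callback always allows the request, so
    // unauthenticated callers receive the handler's data.
    register_rest_route( 'example-booking/v1', '/appointments-open', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_get_appointments',
        'permission_callback' => '__return_true',
    ) );

    // HARDENED: same handler, gated by the capability check above.
    register_rest_route( 'example-booking/v1', '/appointments', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_get_appointments',
        'permission_callback' => 'example_can_read_appointments',
    ) );
} );
```

When reviewing a plugin, every `register_rest_route` call that returns customer or appointment data should carry a `permission_callback` that calls `current_user_can()` with a capability matched to the data's sensitivity.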

Added: Mar 10, 2026, 5:50 PM
Updated: Mar 10, 2026, 5:50 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.4
remediation: 0.0
relevance: 3.7
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.