Appointment Booking Calendar Plugin Bookr Missing Authorization Vulnerability in WordPress

Vulnerability

A vulnerability exists in the Appointment Booking Calendar Plugin - Bookr for WordPress, in all versions through 1.0.2. The issue arises from a lack of proper capability checks on the update-appointment REST API endpoint, allowing unauthenticated attackers to arbitrarily modify the status of any appointment.

Impact

Exploitation of this vulnerability allows for unauthorized users to change the status of appointments, potentially leading to misuse of the booking system.

Added: Feb 14, 2026, 6:19 AM

Updated: Feb 14, 2026, 6:19 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

8.1

remediation

0.0

relevance

2.8

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

8.1

remediation

0.0

relevance

2.8

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Appointment Booking Calendar Plugin Bookr Missing Authorization Vulnerability in WordPress

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating