WordPress Booked Plugin Authentication Bypass Vulnerability Allowing Account Takeover

Vulnerability

A vulnerability allowing authentication bypass has been identified in the WordPress Booked plugin, specifically in versions through 3.0.0. This issue arises from improper authentication mechanisms, which could be exploited to gain unauthorized access to user accounts, potentially allowing attackers to perform actions reserved for higher-privileged users, such as administrative tasks.

Impact

Exploitation of this vulnerability could lead to unauthorized access to user accounts, with the potential for attackers to gain administrative privileges on the affected WordPress site.

Remediation

Users of the WordPress Booked plugin are advised to update to a version later than 3.0.0. For those seeking immediate protection, Patchstack offers a mitigation service that can be activated to block potential exploitation of this vulnerability.

Added: Feb 20, 2026, 6:15 PM
Updated: Feb 20, 2026, 6:15 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 3.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.