Medium severity5.3NVD Advisory· Published Jan 31, 2026· Updated Apr 15, 2026
CVE-2026-1431
CVE-2026-1431
Description
The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbc_ajax_WPBC_FLEXTIMELINE_NAV() function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to retrieve booking information including customer names, phones and emails.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <=10.14.13
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.