What the vulnerability does
01 Description
Missing Authorization vulnerability in istmoplugins GetBookingsWP get-bookings-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GetBookingsWP: from n/a through <= 1.1.27.
Explanation of Vulnerability in Simple Terms
02 Summary
GetBookingsWP versions up to 1.1.27 lack proper authorization checks, allowing authenticated users with low privileges to disrupt site availability. An attacker with a basic user account can trigger a denial-of-service condition without requiring user interaction. The vulnerability affects the authorization layer rather than data confidentiality or integrity.
What an attacker can do
03 Attacker Capabilities
Make the site unavailable or unresponsive by exploiting missing access controls.
Potential impact on your site
04 Site Impact
Site downtime or performance degradation if an authenticated user exploits this flaw.
Conditions required to exploit
05 Prerequisites
Attacker needs a low-privilege user account (e.g., subscriber or contributor role).
Key dates
06 Disclosure timeline
April 3, 2025: CVE published
April 28, 2026: Record updated