What the vulnerability does
01Description
Missing Authorization vulnerability in QuanticaLabs Car Park Booking System for WordPress car-park-booking-system-for-wordpress.This issue affects Car Park Booking System for WordPress: from n/a through <= 2.6.
Explanation of Vulnerability in Simple Terms
02Summary
The Car Park Booking System for WordPress plugin through version 2.6 lacks proper authorization checks on certain functions. A logged-in user with low privileges can modify booking data or system settings they should not have access to. The vulnerability requires an active WordPress account but no special interaction from other users.
What an attacker can do
03Attacker Capabilities
Modify booking records or system settings without proper permission.
Potential impact on your site
04Site Impact
Unauthorized users can alter car park bookings or plugin configuration, disrupting service and potentially causing financial loss.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege WordPress user account (e.g., subscriber or customer role).
Key dates
06Disclosure timeline
May 19, 2025
CVE published
April 28, 2026
Record updated