What the vulnerability does
01Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce ecab-taxi-booking-manager allows Authentication Abuse.This issue affects Taxi Booking Manager for WooCommerce: from n/a through <= 1.3.0.
Explanation of Vulnerability in Simple Terms
02Summary
Taxi Booking Manager for WooCommerce versions 1.3.0 and earlier contain an authentication bypass vulnerability. An attacker can exploit weak or missing authentication checks to gain unauthorized access to the plugin's functionality without valid credentials. This affects all confidentiality, integrity, and availability of the booking system. Site administrators should update immediately to a patched version.
What an attacker can do
03Attacker Capabilities
Gain full unauthorized access to the taxi booking system without valid credentials.
Potential impact on your site
04Site Impact
Attackers can read, modify, or delete booking data and customer information without restriction.
Conditions required to exploit
05Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06Disclosure timeline
August 20, 2025
CVE published
April 28, 2026
Record updated