What the vulnerability does
01 Description
Authorization Bypass Through User-Controlled Key vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eagle Booking: from n/a through <= 1.3.4.3.
Explanation of Vulnerability in Simple Terms
02 Summary
Eagle Booking versions up to 1.3.4.3 contain a vulnerability that allows authenticated users to disrupt service availability. An attacker with low-level account access can trigger a denial-of-service condition through network requests. The vulnerability does not affect data confidentiality or integrity, only system availability.
What an attacker can do
03 Attacker Capabilities
Disrupt the booking system's availability for other users.
Potential impact on your site
04 Site Impact
Authenticated users can cause temporary service disruption; data remains secure but bookings may be unavailable.
Conditions required to exploit
05 Prerequisites
Attacker must have a low-privilege account on the site; no user interaction required.
Key dates
06 Disclosure timeline
December 30, 2025: CVE published
April 28, 2026: Record updated