What the vulnerability does
01Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.1.
Explanation of Vulnerability in Simple Terms
02Summary
WeDesignTech Ultimate Booking Addon versions 1.0.1 and earlier contain an authentication bypass vulnerability. An attacker can exploit weak or missing authentication mechanisms to gain unauthorized access to the booking system without valid credentials. This allows complete compromise of the addon's functionality, including reading, modifying, or deleting booking data. Immediate patching is required.
What an attacker can do
03Attacker Capabilities
Bypass authentication and gain full control over the booking addon without valid credentials.
Potential impact on your site
04Site Impact
Attackers can read, modify, or delete all booking data and potentially access sensitive customer information.
Conditions required to exploit
05Prerequisites
Network access to the site; no authentication or user interaction required.
Key dates
06Disclosure timeline
March 5, 2026
CVE published
April 28, 2026
Record updated