Platform
wordpress
Component
booktics
Fixed in
1.0.17
CVE-2026-1919 describes an unauthorized data access vulnerability in the Booktics WordPress plugin. The plugin registers REST API endpoints without a capability check, so unauthenticated attackers can retrieve sensitive information by calling them directly. The vulnerability affects versions 1.0.0 through 1.0.16 of the plugin; a fix is available in version 1.0.17.
The primary impact of CVE-2026-1919 is exposure of data stored by the Booktics plugin. Because the affected endpoints never verify the caller's capabilities, anyone who can reach /wp-json/ on the site can query them without logging in and may obtain appointment details, customer information, or other confidential records. The scope of the exposure depends on which data the plugin stores and serves through its REST API. The vulnerability does not lead to remote code execution by itself, but the exposed customer data can be used in follow-on attacks such as identity theft.
CVE-2026-1919 was publicly disclosed on 2026-03-10. There are currently no known public proof-of-concept exploits, and the vulnerability is not listed in the CISA KEV catalog at the time of writing. Given the MEDIUM severity rating, the low EPSS score, and the absence of public exploits, the probability of active exploitation is currently considered low, but monitoring for unauthenticated requests to the plugin's REST namespace is recommended.
Websites that use the Booktics plugin for appointment scheduling are at risk. Sites running affected versions (1.0.0–1.0.16) and sites that leave the WordPress REST API reachable without restriction are exposed to any unauthenticated caller. Shared hosting environments where plugin updates are not managed by the site administrator are at increased risk because the patched version may never be installed.
• wordpress: wp plugin list --status=all | grep booktics
  Shows the installed Booktics version; anything in 1.0.0–1.0.16 is affected.
• wordpress: grep -rn 'permission_callback' /var/www/html/wp-content/plugins/booktics/
  Every register_rest_route() call in the plugin should carry a permission_callback that enforces a capability; a route with no permission_callback, or with '__return_true', is served to unauthenticated callers.
• wordpress: curl -s -o /dev/null -w '%{http_code}\n' https://your-wordpress-site.com/wp-json/booktics/v1/appointments
  An unauthenticated request to the plugin's REST route should return 401 or 403; a 200 response with data indicates the missing capability check.
• generic web: Check the WordPress plugin directory for recent reports or discussions related to Booktics vulnerabilities.
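The following scanner is an added example and is not code from the Booktics plugin or from this advisory. It illustrates the missing-capability-check pattern described above (a register_rest_route() call with no permission_callback, or with '__return_true') and automates the grep step in the detection list by walking a plugin directory and reporting every REST route that is not protected. The embedded PHP sample is constructed for illustration; the route names in it are assumptions, not the real plugin's routes.

```python
"""Find WordPress REST routes registered without an effective permission_callback.

Added example for CVE-2026-1919, not code from the Booktics plugin. The
SAMPLE_PHP below is constructed; its route names are assumed.
"""
import os
import re
import sys
from typing import Dict, List

# Constructed sample in the shape a WordPress plugin uses. Only the last
# route enforces a capability before the callback runs.
SAMPLE_PHP = r'''<?php
add_action( 'rest_api_init', function () {
    // Vulnerable: no permission_callback at all. Since WordPress 5.5 this
    // triggers a _doing_it_wrong notice, but the route is still public.
    register_rest_route( 'booktics/v1', '/appointments', array(
        'methods'  => 'GET',
        'callback' => 'booktics_list_appointments',
    ) );
    // Vulnerable: __return_true deliberately makes the route public.
    register_rest_route( 'booktics/v1', '/customers', array(
        'methods'             => 'GET',
        'callback'            => 'booktics_list_customers',
        'permission_callback' => '__return_true',
    ) );
    // Hardened: capability check before the callback runs.
    register_rest_route( 'booktics/v1', '/settings', array(
        'methods'             => 'GET',
        'callback'            => 'booktics_get_settings',
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
    ) );
} );
'''

# Matches register_rest_route( 'ns', '/route', array( ... ) ); and captures
# the args array. Good enough for the usual layout; not a full PHP parser.
ROUTE_RE = re.compile(
    r"register_rest_route\(\s*['\"]([^'\"]+)['\"]\s*,\s*['\"]([^'\"]+)['\"]\s*,"
    r"\s*(?:array\s*\(|\[)(?P<args>.*?)(?:\)\s*\)|\]\s*\))\s*;",
    re.S,
)
PERM_RE = re.compile(r"['\"]permission_callback['\"]\s*=>\s*(.+)", re.S)


def classify_args(args: str) -> str:
    """Return 'missing', 'public' or 'checked' for one route's args array."""
    m = PERM_RE.search(args)
    if not m:
        return "missing"
    value = m.group(1).strip()
    if re.match(r"['\"]__return_true['\"]", value):
        return "public"
    return "checked"


def scan_php(source: str) -> List[Dict[str, str]]:
    """List every registered route in a PHP source string with its status."""
    return [
        {"route": m.group(1) + m.group(2), "status": classify_args(m.group("args"))}
        for m in ROUTE_RE.finditer(source)
    ]


def unprotected_routes(source: str) -> List[str]:
    """Routes reachable without any capability check."""
    return [f["route"] for f in scan_php(source) if f["status"] != "checked"]


def scan_plugin_dir(path: str) -> List[Dict[str, str]]:
    """Walk a plugin directory (e.g. wp-content/plugins/booktics) and scan each .php file."""
    results = []
    for root, _, files in os.walk(path):
        for name in files:
            if name.endswith(".php"):
                full = os.path.join(root, name)
                with open(full, encoding="utf-8", errors="replace") as fh:
                    for f in scan_php(fh.read()):
                        f["file"] = full
                        results.append(f)
    return results


if __name__ == "__main__":
    findings = scan_plugin_dir(sys.argv[1]) if len(sys.argv) > 1 else scan_php(SAMPLE_PHP)
    for f in findings:
        print(f"{f['status']:8} {f['route']}" + (f"  ({f['file']})" if "file" in f else ""))
```

Run it with the plugin directory as the only argument to scan real sources, or with no argument to see the three constructed cases; any route reported as missing or public is reachable by the unauthenticated callers this CVE concerns.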
Disclosure
Exploit status
EPSS
0.04% (14th percentile)
CISA SSVC
CVSS vector
The most effective mitigation for CVE-2026-1919 is to upgrade the Booktics plugin to version 1.0.17 or later immediately. If upgrading is not immediately feasible, restrict access to the plugin's REST API namespace (/wp-json/booktics/) at a web application firewall (WAF) or reverse proxy as a temporary workaround: block requests to those routes that carry no WordPress login cookie, or allow them only from the administrative network. Keep in mind that a WAF rule only limits reachability; it does not add the missing capability check, so the upgrade is still required. Regularly review plugin configurations and confirm that access controls are enforced. After upgrading, verify the fix by requesting the plugin's REST API endpoints without authentication; the response should be 401 or 403 (typically with the WordPress error code rest_forbidden) rather than 200 with data.
Update to version 1.0.17 or a newer patched version.
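The post-upgrade verification described above, as an added example that is not part of the advisory: an unauthenticated GET against the plugin's REST route, classified the way the WordPress REST layer reports authorization failures. The route path /wp-json/booktics/v1/appointments is the one this page uses in its curl check; whether the real plugin exposes exactly that route is an assumption, so adjust ROUTE to the routes your installation registers.

```python
"""Confirm the CVE-2026-1919 fix: call the plugin's REST route with no cookie
or nonce and classify the response.

Added example, not part of the advisory. ROUTE is the path this page uses
in its curl check; the real plugin's routes are an assumption.
"""
import json
import sys
import urllib.error
import urllib.request

ROUTE = "/wp-json/booktics/v1/appointments"  # assumed route, adjust as needed


def classify(status: int, body: bytes) -> str:
    """Map an unauthenticated response to 'denied', 'exposed', 'absent' or 'unclear'."""
    try:
        data = json.loads(body.decode("utf-8", "replace"))
    except ValueError:
        data = None
    code = data.get("code") if isinstance(data, dict) else None
    if status in (401, 403):
        # WordPress answers a refusing permission_callback with 401 (not logged
        # in) or 403 (logged in, lacking capability), usually code rest_forbidden.
        return "denied"
    if status == 404 and code == "rest_no_route":
        return "absent"  # plugin inactive, or the route name differs
    if status == 200 and data not in (None, [], {}):
        return "exposed"  # data served with no authentication at all
    return "unclear"


def fetch(base_url: str, route: str = ROUTE, timeout: float = 10.0):
    """GET base_url + route without credentials; return (status, body)."""
    req = urllib.request.Request(
        base_url.rstrip("/") + route,
        headers={"User-Agent": "cve-2026-1919-check"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()


def check_site(base_url: str) -> str:
    status, body = fetch(base_url)
    return classify(status, body)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} https://your-wordpress-site.com")
    print(check_site(sys.argv[1]))
```

A result of denied after the upgrade is the expected outcome; exposed means the site is still serving the data and the plugin version or WAF rule should be rechecked.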
CVE-2026-1919 is a MEDIUM severity vulnerability affecting the Booktics WordPress plugin, allowing unauthenticated attackers to query sensitive data via REST API endpoints due to a missing capability check.
You are affected if you are using Booktics WordPress plugin versions 1.0.0 through 1.0.16. Upgrade to version 1.0.17 or later to resolve the issue.
Upgrade the Booktics plugin to version 1.0.17 or later. As a temporary workaround, restrict access to the plugin's REST API endpoints using a WAF or proxy server.
Currently, there are no known public exploits or confirmed active exploitation campaigns for CVE-2026-1919, but diligent monitoring is recommended.
Refer to the Booktics plugin website or WordPress plugin directory for the official advisory and update information regarding CVE-2026-1919.