Platform: wordpress
Component: court-reservation
Fixed in: 1.10.9
CVE-2026-1508 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting the Court Reservation – Manage Your Court Bookings Online plugin for WordPress. This vulnerability allows unauthenticated attackers to potentially perform unauthorized actions if they can manipulate a site administrator into clicking a malicious link. The vulnerability impacts versions of the plugin up to 1.10.9 (exclusive), and a fix is available in version 1.10.9.
A successful CSRF attack could allow an attacker to perform actions as an authenticated administrator of the WordPress site. This could include creating, modifying, or deleting court bookings, changing plugin settings, or potentially gaining access to sensitive data. The impact is particularly severe because CSRF attacks often rely on social engineering, making it difficult for administrators to detect the malicious activity. The attacker doesn't need to know administrator credentials, only to craft a request that appears legitimate to the browser.
CVE-2026-1508 was publicly disclosed on 2026-02-17. There are currently no known public exploits or active campaigns targeting this vulnerability. The vulnerability is not listed on the CISA KEV catalog. The CVSS score of 4.3 (MEDIUM) indicates a moderate risk, suggesting that exploitation is possible but not highly probable without significant effort.
WordPress websites using the Court Reservation – Manage Your Court Bookings Online plugin, particularly those with administrator accounts that are not adequately protected by strong passwords and two-factor authentication, are at risk. Shared hosting environments where multiple websites share the same server resources may also be vulnerable if one site is running an outdated version of the plugin.
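• wordpress / composer / npm:
grep -r 'Court Reservation' /var/www/html/wp-content/plugins/
# WP-CLI lists plugins by slug, so match the slug rather than the display name
wp plugin list | grep -i 'court-reservation'
• generic web:
# Response headers never carry plugin names; read the plugin's readme instead
# (assumes the plugin ships the standard WordPress readme.txt)
curl -s 'https://your-wordpress-site.com/wp-content/plugins/court-reservation/readme.txt' | grep -i 'Stable tag'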
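The commands above only show that the plugin is present. The following added example (not part of the original advisory or the plugin's code) also compares the installed version with the fixed release 1.10.9. It assumes the plugin directory is named after the component slug `court-reservation`, that a top-level PHP file carries the standard WordPress `Version:` header, and that GNU `sort -V` is available.

```shell
#!/bin/sh
# Added example: report whether a WordPress install carries a Court
# Reservation release older than the fixed version named in the advisory.
FIXED_VERSION="1.10.9"

# Return 0 (affected) when version $1 sorts strictly before FIXED_VERSION.
is_affected() {
    [ "$1" != "$FIXED_VERSION" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$FIXED_VERSION" | sort -V | head -n 1)" = "$1" ]
}

# Print the value of the "Version:" plugin header found in the top-level
# PHP files of plugin directory $1 (empty output if none is found).
plugin_version() {
    grep -hiE '^[[:space:]*]*Version:' "$1"/*.php 2>/dev/null |
        head -n 1 |
        sed -E 's/^[^:]*:[[:space:]]*//; s/[[:space:]]+$//'
}

# Check the WordPress root $1 and print one of:
#   not-installed | unknown | affected <version> | fixed <version>
check_site() {
    dir="$1/wp-content/plugins/court-reservation"   # assumed slug path
    [ -d "$dir" ] || { echo "not-installed"; return 0; }
    ver=$(plugin_version "$dir")
    [ -n "$ver" ] || { echo "unknown"; return 0; }
    if is_affected "$ver"; then
        echo "affected $ver"
    else
        echo "fixed $ver"
    fi
}

# Usage: sh check.sh /var/www/html
if [ "$#" -gt 0 ]; then
    check_site "$1"
fi
```

An `unknown` result means the directory exists but no version header was readable, which is worth checking by hand.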
Exploit status
EPSS: 0.01% (percentile 0%)
CVSS vector
The primary mitigation for CVE-2026-1508 is to immediately upgrade the Court Reservation plugin to version 1.10.9 or later. If upgrading is not immediately possible due to compatibility issues or testing requirements, consider implementing a Web Application Firewall (WAF) with CSRF protection rules. Additionally, educate administrators about the risks of clicking on suspicious links and verify the legitimacy of any requests before confirming them. Review WordPress security best practices, including enabling two-factor authentication for administrator accounts.
Update to version 1.10.9, or a later fixed version.
CVE-2026-1508 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Court Reservation plugin for WordPress, allowing attackers to perform actions as administrators.
You are affected if you are using a Court Reservation plugin version earlier than 1.10.9. Upgrade to 1.10.9 to mitigate the risk.
Upgrade the Court Reservation plugin to version 1.10.9 or later. Consider WAF rules as a temporary workaround if upgrading is not immediately possible.
There are currently no known public exploits or active campaigns targeting CVE-2026-1508, but it remains a potential risk.
Refer to the plugin developer's website or WordPress plugin repository for the official advisory and update information.