High CVE-2026-9851 The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capability check on the 'updateUser' branch of the package_app_action AJAX endpoint, where the handler only...

#Sicherheitslücke #Update

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

[High] CVE-2026-9851 – The Booking Package plugin for WordPress is vulnerable to Privilege Escalation v...

VERWANDTEARTIKEL

Crypto-Funded Chinese Peptide Labs Are Booming

CVE-2026-20245

CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog

Claude Opus Found a Four-Year-Old Hole in Zcash’s Privacy Layer. Nobody Knows If Someone Already Used It.

AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs

CISA Warns of SolarWinds Serv-U Vulnerability Exploited in Attacks