PatchSiren cyber security CVE debrief
CVE-2026-48882 codepeople CVE debrief
A high-severity vulnerability, CVE-2026-48882, was discovered in the WP Time Slots Booking Form plugin, affecting versions up to and including 1.2.50. This vulnerability allows subscribers to inject SQL, potentially leading to unauthorized data access or manipulation. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 8.5, indicating a high level of severity. The vulnerability was published on 2026-06-15 and last modified on 2026-06-15.
- Vendor: codepeople
- Product: WP Time Slots Booking Form
- CVSS: HIGH 8.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Administrators and users of WordPress sites utilizing the WP Time Slots Booking Form plugin, especially those with subscriber-level user accounts, should be aware of this vulnerability. Given its high CVSS score, immediate attention is recommended to mitigate potential risks.
Technical summary
The vulnerability is classified as CWE-89 (SQL Injection) and can be exploited by a subscriber-level account. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L: the attack vector is network-based, attack complexity is low, low privileges (subscriber level) are required, no user interaction is needed, and the scope is changed. The impact is high on confidentiality, none on integrity, and low on availability.
Defensive priority
High
Recommended defensive actions
- Update the WP Time Slots Booking Form plugin to a version that fixes this vulnerability.
- Review subscriber-level access and permissions on your WordPress site to minimize potential attack surfaces.
- Monitor your site for any suspicious database queries or unauthorized access attempts.
Evidence notes
Evidence suggests that this vulnerability was identified and reported through Patchstack, as indicated by the reference link provided.
Official resources
- CVE-2026-48882 CVE record (CVE.org)
- CVE-2026-48882 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
CVE-2026-48882 was published on 2026-06-15T21:17:17.497Z and last modified on 2026-06-15T21:24:32.790Z.