MEDIUM
Magepeople inc.
CVE published 2026-05-20
CVE-2026-27405
CVE-2026-27405 is a missing authorization / broken access control issue in the WpBookingly WordPress plugin, affecting versions through 1.2.9. The CVE was published on 2026-05-20 and carries a CVSS 3.1 score of 6.5 (Medium). Based on the provided CVSS vector, exploitation requires elevated privileges, but successful abuse can impact both integrity and availability. This is not listed as a known CISA KEV i [truncated]