PatchSiren cyber security CVE debrief
CVE-2026-39587 WP BASE Booking CVE debrief
CVE-2026-39587 is a high-severity vulnerability in the WP BASE Booking plugin, with a CVSS score of 8.1. The vulnerability allows for unauthenticated privilege escalation and affects versions up to 5.9.0. The CVE was published on 2026-06-15T21:16:47.923Z and last modified on 2026-06-15T21:24:32.790Z.
- Vendor
- WP BASE Booking
- Product
- WP BASE Booking
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of the WP BASE Booking plugin, particularly those using versions up to 5.9.0, should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by a weakness in the WP BASE Booking plugin, which allows an attacker to escalate privileges without authentication. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.
Defensive priority
High
Recommended defensive actions
- Update the WP BASE Booking plugin to a version that is not vulnerable.
- Refer to the vendor's documentation or support pages for information on patched versions.
Evidence notes
The CVE record and details were obtained from official sources, including [cve-org] and [nvd]. Additional information was obtained from [ref-4].
Official resources
-
CVE-2026-39587 CVE record
CVE.org
-
CVE-2026-39587 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-39587 was published on 2026-06-15T21:16:47.923Z and last modified on 2026-06-15T21:24:32.790Z.