PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-57778 wpdevart CVE debrief

A Missing Authorization vulnerability exists in wpdevart Booking calendar, Appointment Booking System, affecting versions from n/a through 3.2.36. This issue is related to Exploiting Incorrectly Configured Access Control Security Levels, classified under CWE-862. The vulnerability has a CVSS score of 5.3 and a severity of MEDIUM. Users should verify the affected versions and apply patches or updates to version 3.2.36 or later. The CVE record was published on 2026-07-13T10:16:41.810Z and has not been modified since then. The NVD entry is currently in the 'Received' status.

Vendor
wpdevart
Product
Booking calendar, Appointment Booking System
CVSS
MEDIUM 5.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Users of wpdevart Booking calendar, Appointment Booking System versions from n/a through 3.2.36 should be aware of this Missing Authorization vulnerability and verify the affected versions. They should apply patches or updates to version 3.2.36 or later. Additionally, users should monitor for suspicious activity related to the Booking calendar, Appointment Booking System plugin.

Technical summary

The CVE-2026-57778 vulnerability is a Missing Authorization issue in the wpdevart Booking calendar, Appointment Booking System plugin. It has a CVSS score of 5.3 and is classified as MEDIUM severity. The vulnerability is related to CWE-862 and affects versions from n/a through 3.2.36. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. Users should review system logs, configuration files, and version numbers to identify potential vulnerabilities.

Defensive priority

Medium priority should be given to patching this vulnerability, as it has a MEDIUM severity score and could potentially be exploited to bypass authorization. It is recommended to prioritize patching based on the CVSS score of 5.3 and the potential impact on the system. Additionally, consider implementing compensating controls, such as additional authentication or access controls, to mitigate the vulnerability until a patch can be applied. Users should also monitor for suspicious activity related to the Booking calendar, Appointment Booking System plugin. Furthermore, it is essential to inventory and verify affected versions of wpdevart Booking calendar, Appointment Booking System to ensure that all instances are accounted for and patched accordingly. This can be done by reviewing system logs, configuration files, and version numbers to identify potential vulnerabilities. By taking these steps, users can reduce the risk of exploitation and protect their systems from potential attacks. The vulnerability is related to CWE-862, and the CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. The vulnerability has a CVSS score of 5.3 and a severity of MEDIUM. This issue is related to Exploiting Incorrectly Configured Access Control Security Levels, classified under CWE-862. The CVE-2026-57778 vulnerability is a Missing Authorization issue in the wpdevart Booking calendar, Appointment Booking System plugin. It affects versions from n/a through 3.2.36. The vulnerability has a CVSS score of 5.3 and is classified as MEDIUM severity. The vulnerability is related to CWE-862 and affects versions from n/a through 3.2.36. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. A Missing Authorization vulnerability exists in wpdevart Booking calendar, Appointment Booking System, affecting versions from n/a through 3.2.36. This issue is related to Exploiting Incorrectly Configured Access Control Security Levels, classified under CWE-862. The vulnerability has a CVSS score of 5.3 and a severity of MEDIUM. Users of wpdevart Booking calendar, Appointment Booking System versions from n/a through 3.2.36 should be aware of this Missing Authorization vulnerability. The de

Recommended defensive actions

  • Inventory and verify affected versions of wpdevart Booking calendar, Appointment Booking System
  • Apply patches or updates to version 3.2.36 or later
  • Monitor for suspicious activity related to the Booking calendar, Appointment Booking System plugin
  • Consider implementing compensating controls, such as additional authentication or access controls
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-13T10:16:41.810Z and has not been modified since then. The NVD entry is currently in the 'Received' status. Patchstack has provided a mitigation reference for this vulnerability. The vulnerability affects wpdevart Booking calendar, Appointment Booking System versions from n/a through 3.2.36. Users should verify the affected versions and apply patches or updates to version 3.2.36 or later.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:41.810Z and has not been modified since then. The NVD entry is currently in the 'Received' status.