CyberRota
← Ana sayfaya dön

CVE-2026-9576

MEDIUM · CVSS 4.9 EPSS %0.14

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-30T07:16:32.867 · Çekilme zamanı: 2026-06-30T18:37:35.419229+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

CVE
CVE-2026-9576
Severity
MEDIUM
CVSS
4.9
EPSS
%0.14
WordPress

Orijinal NVD Açıklaması

The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested group_id before exporting attendee data via the export endpoint, allowing users with at least the Calendar Manager role to retrieve attendees' PII (name, email, phone, address, payment information) from calendar groups they do not own.