{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39675", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-04-07T10:58:05.154Z", "datePublished": "2026-04-08T08:30:39.993Z", "dateUpdated": "2026-04-08T08:30:39.993Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "court-reservation", "product": "Court Reservation", "vendor": "webmuehle", "versions": [{"lessThanOrEqual": "1.10.11", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-08T10:28:41.007Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Court Reservation: from n/a through <= 1.10.11.</p>"}], "value": "Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Court Reservation: from n/a through <= 1.10.11."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-08T08:30:39.993Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/court-reservation/vulnerability/wordpress-court-reservation-plugin-1-10-11-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Court Reservation plugin <= 1.10.11 - Broken Access Control vulnerability"}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Court Reservation: from n/a through <= 1.10.11."}], "id": "CVE-2026-39675", "lastModified": "2026-04-08T21:26:35.910", "metrics": {}, "published": "2026-04-08T09:16:39.087", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/court-reservation/vulnerability/wordpress-court-reservation-plugin-1-10-11-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.10.11]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Court Reservation", "source": "cna", "vendor": "webmuehle"}, "product": "court_reservation", "vendor": "webmuehle"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-08T10:33:05.868270+00:00", "value": {"mitigation_remediation": ["Check whether the Court Reservation plugin is installed and determine its version.", "If the installed version is 1.10.11 or earlier, upgrade to the latest release available from the vendor to apply the patch.", "If no newer version is available, consider disabling or uninstalling the plugin until a fix is released.", "Apply general WordPress hardening practices, such as restricting user roles to the least privilege necessary.", "Monitor WordPress logs for suspicious or unauthorized activity related to the plugin."], "summary": {"action": "Patch", "impact": "Unauthorized access or privilege escalation"}, "threat_synthesis": {"affected_systems": "The affected product is the Court Reservation plugin for WordPress, released by webmuehle. All versions from the first release through 1.10.11 are vulnerable. Any WordPress site installing one of these versions is at risk.", "description_and_impact": "The vulnerability is a missing authorization flaw that allows attackers to exploit incorrectly configured access control levels within the Court Reservation plugin. This flaw can enable users to perform actions beyond those they are permitted to, resulting in unauthorized activity and potential privilege escalation. The weakness is identified as CWE-862: Access Control Failure.", "risk_and_exploitability": "Because the issue is a direct lack of authorization checks, an attacker can exploit the vulnerability by sending crafted HTTP requests to the plugin\u2019s exposed endpoints; this attack vector is inferred based on the nature of the flaw. The CVSS score is not provided, so the precise severity is unknown, but broken access control often carries a high risk. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, leaving the exact exploitation probability uncertain but potentially moderate to high for sites that expose the plugin to the public web."}}}}, "created": "2026-04-08T19:27:57.269228+00:00", "updated": "2026-04-08T19:41:00.706814+00:00", "vendors": ["webmuehle", "webmuehle$PRODUCT$court_reservation", "wordpress", "wordpress$PRODUCT$wordpress"]}