CVE-2026-6937 | croixhaug Appointment Booking Calendar Plugin up to 1.6.11.8 on WordPress REST API Endpoint authorization

A vulnerability classified as critical was found in croixhaug Appointment Booking Calendar Plugin up to 1.6.11.8 on WordPress. Affected by this issue is some unknown functionality of the component REST API Endpoint. Executing a manipulation can lead to missing authorization.

This vulnerability is registered as CVE-2026-6937. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More