CVE-2026-12433 | themefic Hydra Booking Plugin up to 1.2.1 REST Endpoint details getBookingDetails ID resource injection
A vulnerability was found in themefic Hydra Booking Plugin up to 1.2.1 and classified as problematic. The impacted element is the function getBookingDetails of the file /wp-json/hydra-booking/v1/booking/details of the component REST Endpoint. Executing a manipulation of the argument ID can lead to improper control of resource identifiers.
The identification of this vulnerability is CVE-2026-12433. The attack may be launched remotely. There is no exploit available.VulDB Recent EntriesRead More