CVE-2026-12393
WPS Bookings for WooCommerce < 3.11.7 - Subscriber+ Arbitrary Booking Order Cancellation via IDOR
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
The WPS Bookings for WooCommerce WordPress plugin before 3.11.7 does not verify that a booking order belongs to the requesting user before cancelling it, allowing any authenticated user, such as a Subscriber or Customer, to cancel and void other customers' booking orders.
| Vendor | unknown |
| Product | wps bookings for woocommerce |
| Published | Jul 17, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown wps bookings for woocommerce
Be the first to know when new unknown vulnerabilities affecting unknown wps bookings for woocommerce are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / WPS Bookings for WooCommerce
0 < 3.11.7
References
Credits
Sanjorn Keeratirungsan WPScan