Description
Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Court Reservation: from n/a through <= 1.10.11.
Published: 2026-04-08
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Patch
AI Analysis

Impact

The Court Reservation plugin for WordPress has a missing authorization flaw that allows attackers to bypass security controls and manipulate reservation data, including reading, modifying, or deleting entries, which can compromise data integrity and confidentiality.

Affected Systems

Affected systems include the webmuehle Court Reservation plugin for WordPress, with all releases up to and including version 1.10.11 vulnerable.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, while the EPSS score of less than 1 % suggests low likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Attackers likely need authenticated access with sufficient privileges or benefit from misconfigured access levels, and can exploit the flaw through the plugin’s web interface or crafted requests.

Generated by OpenCVE AI on April 13, 2026 at 21:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Court Reservation plugin to a version newer than 1.10.11
  • Restrict user roles that have permission to manage reservations
  • Verify that access controls are properly enforced in the plugin configuration
  • Monitor application logs for unauthorized reservation operations

Generated by OpenCVE AI on April 13, 2026 at 21:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

 cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

Mon, 13 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 08 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Webmuehle
Webmuehle court Reservation
Wordpress
Wordpress wordpress
Vendors & Products Webmuehle
Webmuehle court Reservation
Wordpress
Wordpress wordpress

Wed, 08 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Court Reservation: from n/a through <= 1.10.11.
Title WordPress Court Reservation plugin <= 1.10.11 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Webmuehle Court Reservation
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-29T09:52:03.910Z

Reserved: 2026-04-07T10:58:05.154Z

Link: CVE-2026-39675

cve-icon Vulnrichment

Updated: 2026-04-13T18:18:46.175Z

cve-icon NVD

Status : Deferred

Published: 2026-04-08T09:16:39.087

Modified: 2026-04-29T10:17:38.963

Link: CVE-2026-39675

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:38:39Z

Weaknesses