Description
Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Court Reservation: from n/a through <= 1.10.11.
Published: 2026-04-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized access or privilege escalation
Action: Patch
AI Analysis

Impact

The vulnerability is a missing authorization flaw that allows attackers to exploit incorrectly configured access control levels within the Court Reservation plugin. This flaw can enable users to perform actions beyond those they are permitted to, resulting in unauthorized activity and potential privilege escalation. The weakness is identified as CWE-862: Access Control Failure.

Affected Systems

The affected product is the Court Reservation plugin for WordPress, released by webmuehle. All versions from the first release through 1.10.11 are vulnerable. Any WordPress site installing one of these versions is at risk.

Risk and Exploitability

Because the issue is a direct lack of authorization checks, an attacker can exploit the vulnerability by sending crafted HTTP requests to the plugin’s exposed endpoints; this attack vector is inferred based on the nature of the flaw. The CVSS score is not provided, so the precise severity is unknown, but broken access control often carries a high risk. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, leaving the exact exploitation probability uncertain but potentially moderate to high for sites that expose the plugin to the public web.

Generated by OpenCVE AI on April 8, 2026 at 10:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check whether the Court Reservation plugin is installed and determine its version.
  • If the installed version is 1.10.11 or earlier, upgrade to the latest release available from the vendor to apply the patch.
  • If no newer version is available, consider disabling or uninstalling the plugin until a fix is released.
  • Apply general WordPress hardening practices, such as restricting user roles to the least privilege necessary.
  • Monitor WordPress logs for suspicious or unauthorized activity related to the plugin.

Generated by OpenCVE AI on April 8, 2026 at 10:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Webmuehle
Webmuehle court Reservation
Wordpress
Wordpress wordpress
Vendors & Products Webmuehle
Webmuehle court Reservation
Wordpress
Wordpress wordpress

Wed, 08 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Court Reservation: from n/a through <= 1.10.11.
Title WordPress Court Reservation plugin <= 1.10.11 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Webmuehle Court Reservation
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-08T08:30:39.993Z

Reserved: 2026-04-07T10:58:05.154Z

Link: CVE-2026-39675

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-08T09:16:39.087

Modified: 2026-04-08T21:26:35.910

Link: CVE-2026-39675

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:41:00Z

Weaknesses