CVE-2026-9576 - Fluent Booking < 2.1.2 - Calendar Manager+ Sensitive Information Disclosure via Attendee Export
CVE ID :CVE-2026-9576
Published : June 30, 2026, 6 a.m. | 4 hours, 43 minutes ago
Description :The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested group_id before exporting attendee data via the export endpoint, allowing users with at least the Calendar Manager role to retrieve attendees' PII (name, email, phone, address, payment information) from calendar groups they do not own.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : June 30, 2026, 6 a.m. | 4 hours, 43 minutes ago
Description :The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested group_id before exporting attendee data via the export endpoint, allowing users with at least the Calendar Manager role to retrieve attendees' PII (name, email, phone, address, payment information) from calendar groups they do not own.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...