CVE-2026-1980
Published 2026-03-04
Priority P432 · medium · 5.3 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.38% (29.3th percentile)
The WPBookit plugin for WordPress is vulnerable to unauthorized data disclosure due to a missing authorization check on the 'get_customer_list' route in all versions up to, and including, 1.0.8. This makes it possible for unauthenticated attackers to retrieve sensitive customer information including names, emails, phone numbers, dates of birth, and gender.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| iqonicdesign | wpbookit | <= 1.0.8 | — |
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-1980 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-1980 [CRITICAL] CVE-2026-1980 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1980: WordPress vulnerability analysis and mitigation
The WPBookit plugin for WordPress is vulnerable to unauthorized data disclosure due to a missing authorization check on the 'get_customer_list' route in all versions up to, and including, 1.0.8. This makes it possible for unauthenticated attackers to retrieve sensitive customer information including names, emails, phone numbers, dates of birth, and gender.
Source: NVD
Score: 5.3
Published: March 4, 2026
Severity: MEDIUM
CNA Score: 5.3
Affected Technologies: WordPress
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 17
Exploitation Probability (EPSS): 0.1
Affected packages and libraries: wpbookit
Sources: NVD
Bugzilla
CVE-2026-23040 kernel: wifi: mac80211_hwsim: fix typo in frequency notification
bugzilla·2026-02-04
CVE-2026-23040 [MEDIUM] CVE-2026-23040 kernel: wifi: mac80211_hwsim: fix typo in frequency notification
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211_hwsim: fix typo in frequency notification
The NAN notification is for 5745 MHz which corresponds to channel 149
and not 5475 which is not actually a valid channel. This could result in
a NULL pointer dereference in cfg80211_next_nan_dw_notif.
Discussion:
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026020438-CVE-2026-23040-1980@gregkh/T
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 10
Via RHSA-2026:18134 https://access.redhat.com/errata/RHSA-2026:18134
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2026:18587 h
https://plugins.trac.wordpress.org/browser/wpbookit/tags/1.0.8/core/admin/classes/class.wpb-admin-routes.php#L146
https://plugins.trac.wordpress.org/browser/wpbookit/trunk/core/admin/classes/class.wpb-admin-routes.php#L146
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3467556%40wpbookit&new=3467556%40wpbookit&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/a1867c79-29d7-46a4-bfaf-c65e8a44c2ed?source=cve
Published: 2026-03-04