CVE-2026-25426
Missing Authorization in Taxi Booking Manager for WooCommerce
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| magepeople | taxi_booking_manager_for_woocommerce | to 2.0.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability is a Broken Access Control issue that allows unauthenticated users to perform higher-privileged actions due to missing authorization checks.
Such access control weaknesses can potentially lead to unauthorized access to sensitive data, which may impact compliance with standards and regulations like GDPR and HIPAA that require strict access controls to protect personal and health information.
However, the provided information does not explicitly state the direct impact on compliance with these regulations.
Can you explain this vulnerability to me?
CVE-2026-25426 is a Broken Access Control vulnerability in the WordPress Taxi Booking Manager for WooCommerce plugin, versions 2.0.1 and below.
This vulnerability arises from missing authorization, authentication, or nonce token checks, which allows unauthenticated users to perform actions that should require higher privileges.
It is classified under OWASP Top 10 A1: Broken Access Control and has a CVSS score of 5.3, indicating a low severity impact.
How can this vulnerability impact me? :
This vulnerability allows unauthenticated users to execute higher-privileged actions within the Taxi Booking Manager for WooCommerce plugin.
Such unauthorized actions could lead to unauthorized access or manipulation of booking data or other sensitive operations that should be restricted.
Although the impact is considered low severity, it still poses a risk to the integrity and security of the affected system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability in the Taxi Booking Manager for WooCommerce Plugin (versions 2.0.1 and below), users should immediately update the plugin to version 2.0.2 or later.
Alternatively, users can seek assistance from their hosting provider or developer to apply the necessary patches.
Patchstack users have the option to enable auto-updates for vulnerable plugins to ensure timely patching.