CVE-2026-1797

{"id": "CVE-2026-1797", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2026-03-31T05:16:10.867", "references": [{"url": "https://plugins.trac.wordpress.org/browser/truebooker-appointment-booking/tags/1.1.2/main/views/truebooker-user.php", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ebe8b63-ea43-4e39-9fdf-e28fb4638433?source=cve", "source": "security@wordfence.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The Appointment Booking and Scheduler Plugin \u2013 Truebooker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 through views php files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed views php files via direct access."}, {"lang": "es", "value": "El plugin Appointment Booking and Scheduler Plugin \u2013 Truebooker para WordPress es vulnerable a la Exposici\u00f3n de Informaci\u00f3n Sensible en todas las versiones hasta la 1.1.4, inclusive, a trav\u00e9s de los archivos PHP de vistas. Esto permite a atacantes no autenticados ver informaci\u00f3n potencialmente sensible contenida en los archivos PHP de vistas expuestos mediante acceso directo."}], "lastModified": "2026-04-24T18:11:16.583", "sourceIdentifier": "security@wordfence.com"}