{"uuid": "02e41665-8763-4965-822f-a937a7dd63b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-9851", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116706235130875695", "content": "\u26a0\ufe0f CVE-2026-9851 (HIGH): masaakitanaka Booking Package plugin for WordPress lets Editors escalate to Admin via AJAX endpoint, risking full site takeover. Restrict Editor access & monitor for updates. More: https://radar.offseq.com/threat/cve-2026-9851-cwe-639-authorization-bypass-through-49f29652 #OffSeq #WordPress #Security #Vuln", "creation_timestamp": "2026-06-07T01:30:28.096940Z"}