WordPress Hydra Booking plugin <= 1.1.41 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themefic Hydra Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hydra Booking: from n/a through 1.1.41.
AV:NAttack VectorAC:LAttack ComplexityPR:NPrivileges RequiredUI:NUser InteractionS:UScopeC:LConfidentialityI:LIntegrityA:LAvailabilityClick technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.
Get the full picture for CVE-2026-42675 and every CVE in our database. Create a free account — no credit card required.
Create Free Account