CVE-2026-3565 Taqnix <= 1.0.3 - Cross-Site Request Forgery to Account Deletion via 'taqnix_delete_my_account' AJAX Action

🗓️ 24 Apr 2026 07:45:07Reported by WordfenceType

CVE-2026-3565: Taqnix up to 1.0.3 has CSRF via taqnix_delete_my_account letting users delete their own account.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-3565	24 Apr 202607:45	–	attackerkb
CNNVD	WordPress plugin Taqnix 跨站请求伪造漏洞	24 Apr 202600:00	–	cnnvd
CVE	CVE-2026-3565	24 Apr 202607:45	–	cve
EUVD	EUVD-2026-25405	24 Apr 202607:45	–	euvd
NVD	CVE-2026-3565	24 Apr 202608:16	–	nvd
Patchstack	WordPress Taqnix plugin <= 1.0.3 - Cross-Site Request Forgery to Account Deletion vulnerability	23 Apr 202619:16	–	patchstack
Positive Technologies	PT-2026-34863	24 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-3565	5 Jun 202619:37	–	redhatcve
Vulnrichment	CVE-2026-3565 Taqnix <= 1.0.3 - Cross-Site Request Forgery to Account Deletion via 'taqnix_delete_my_account' AJAX Action	24 Apr 202607:45	–	vulnrichment

[
  {
    "vendor": "taqnix",
    "product": "Taqnix",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "1.0.3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/browser/taqnix/trunk/public/class-taqnix-user.php
plugins	www.plugins.trac.wordpress.org/browser/taqnix/trunk/public/class-taqnix-user.php
plugins	www.plugins.trac.wordpress.org/browser/taqnix/tags/1.0.3/public/class-taqnix-user.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/82aeab24-3467-4cb0-b71f-b7f97c26dc80
plugins	www.plugins.trac.wordpress.org/changeset
plugins	www.plugins.trac.wordpress.org/browser/taqnix/tags/1.0.3/public/class-taqnix-user.php
plugins	www.plugins.trac.wordpress.org/browser/taqnix/tags/1.0.3/public/class-taqnix-user.php
plugins	www.plugins.trac.wordpress.org/browser/taqnix/trunk/public/class-taqnix-user.php

24 Apr 2026 07:45Current

CVSS 3.14.3

EPSS0.00022

CWE-352