WordPress Court Reservation plugin < 1.10.9 - Event Deletion via CSRF vulnerability

Event Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Court Reservation versions 1.10.9...

CVE-2026-1508

The Court Reservation WordPress plugin before 1.10.9 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete them via a CSRF attack...

CVE-2026-1508 Court Reservation < 1.10.9 - Event Deletion via CSRF

The Court Reservation WordPress plugin before 1.10.9 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete them via a CSRF attack...

CVE-2026-1508

CVE-2026-1508 affects the Court Reservation WordPress plugin (versions before 1.10.9). The root cause is missing CSRF protection on event deletion, which could allow a logged-in admin to be made to delete events via a CSRF attack. Impact is limited to admin-authenticated users performing deletion...

CVE-2026-1508 Court Reservation < 1.10.9 - Event Deletion via CSRF

The Court Reservation WordPress plugin before 1.10.9 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete them via a CSRF attack...

WordPress plugin Court Reservation 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

CVE-2026-1983

The SEATT: Simple Event Attendance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing nonce validation on the event deletion functionality. This makes it possible for unauthenticated attackers to delete arbitrary...

CVE-2026-1983

The SEATT: Simple Event Attendance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing nonce validation on the event deletion functionality. This makes it possible for unauthenticated attackers to delete arbitrary...

CVE-2026-1983 SEATT: Simple Event Attendance <= 1.5.0 - Cross-Site Request Forgery to Arbitrary Event Deletion

The SEATT: Simple Event Attendance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing nonce validation on the event deletion functionality. This makes it possible for unauthenticated attackers to delete arbitrary...

WordPress plugin SEATT: Simple Event Attendance 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-8053

The SEATT: Simple Event Attendance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing nonce validation on the event deletion functionality. This makes it possible for unauthenticated attackers to delete arbitrary...

WordPress SEATT: Simple Event Attendance plugin <= 1.5.0 - Cross-Site Request Forgery to Arbitrary Event Deletion vulnerability

Cross-Site Request Forgery to Arbitrary Event Deletion vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin SEATT: Simple Event Attendance versions = 1.5.0...

EUVD-2021-11464

Malware in sbrugna...

EUVD-2010-0668

Malware in sbrugna...

EUVD-2024-2117

Malicious code in bioql PyPI...

EUVD-2022-40672

Malicious code in bioql PyPI...

EUVD-2022-30259

Malicious code in bioql PyPI...

BIT-MOODLE-2024-38274 moodle: stored XSS via calendar's event title when deleting the event

Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt...

CVE-2024-6271

The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack...

CVE-2023-48653

Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross Site Request Forgery CSRF via ccm/calendar/dialogs/event/delete/submit. An attacker can force an admin to delete events on the site because the event ID is numeric and sequential...