15 matches found
WordPress WPBookit plugin <= 1.0.7 - Customer Deletion via CSRF vulnerability
Customer Deletion via CSRF vulnerability discovered by Drtime in WordPress Plugin WPBookit versions <= 1.0.7...
CVE-2025-12685 WPBookit <= 1.0.7 - Customer Deletion via CSRF
The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when deleting customers. This could allow an unauthenticated attacker to delete any customer through a CSRF attack...
EUVD-2026-0713
The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when deleting customers. This could allow an unauthenticated attacker to delete any customer through a CSRF attack...
CVE-2025-12685
CVE-2025-12685 affects the WPBookit WordPress plugin up to version 1.0.7 and arises from a missing CSRF check when deleting customers, potentially enabling an unauthenticated attacker to delete any customer via CSRF. Public sources consistently describe WPBookit
CVE-2025-12685 WPBookit <= 1.0.7 - Customer Deletion via CSRF
The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when deleting customers. This could allow an unauthenticated attacker to delete any customer through a CSRF attack...
EUVD-2022-15716
Malicious code in bioql PyPI...
CVE-2024-3983
The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting customers via CSRF attacks...
CVE-2025-1362
The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting customers via CSRF attacks...
CVE-2025-1362
CVE-2025-1362 affects the WordPress plugin URL Shortener | Conversion Tracking | AB Testing | WooCommerce (≤ 9.0.2). The root cause is missing CSRF checks in certain bulk actions, enabling an attacker with user login who can trick an admin into performing unintended actions (e.g., deleting custom...
CVE-2022-0616
The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting customers, which could allow attackers to make a logged in admin delete arbitrary customers via a CSRF attack...
CVE-2022-0616
The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting customers, which could allow attackers to make a logged in admin delete arbitrary customers via a CSRF attack...
WordPress Amelia plugin <= 1.0.45 - Arbitrary Customer Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Customer Deletion via Cross-Site Request Forgery (CSRF) vulnerability discovered by Muhamad Hidayat in WordPress Amelia plugin versions <= 1.0.45. Solution: Update the WordPress Amelia plugin to the latest available version (at least 1.0.46)...
Amelia < 1.0.46 - Arbitrary Customer Deletion via CSRF
The plugin does not have CSRF check in place when deleting customers, which could allow attackers to make a logged in admin delete arbitrary customers via a CSRF attack PoC...
Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts
✍️ Description: An attacker is able to delete any number of customers with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and that another low-privilege user or attacker knows the IP address or hostname of your application. In...
Cross-Site Request Forgery (CSRF) in microweber/microweber
✍️ Description: An attacker is able to delete any customer if they know the customer ids parameter value. 🕵️‍♂️ Proof of Concept: After running PoC.html in Firefox or Safari and clicking the submit button (it can also auto-submit), you will see that the customer with id 2 has been deleted. //PoC.html...