3 matches found
CVE-2022-0616
The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting customers, which could allow attackers to make a logged in admin delete arbitrary customers via a CSRF attack...
PT-2026-1050
Name of the Vulnerable Software and Affected Versions WPBookit versions through 1.0.7 Description The WPBookit WordPress plugin does not properly validate Cross-Site Request Forgery CSRF tokens when deleting customer data. This allows an attacker, without needing to be logged in, to delete any...
CVE-2022-0616
The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting customers, which could allow attackers to make a logged in admin delete arbitrary customers via a CSRF attack...