CVE-2025-12685

MEDIUM 6.5

WPBookit <= 1.0.7 - Customer Deletion via CSRF

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

1th

The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when deleting customers. This could allow an unauthenticated attacker to delete any customer through a CSRF attack.

Vendor	unknown
Product	wpbookit
Published	Jan 2, 2026
Last Updated	Apr 2, 2026

Stay Ahead of the Next One

Get instant alerts for unknown wpbookit

Be the first to know when new medium vulnerabilities affecting unknown wpbookit are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / WPBookit

0 ≤ 1.0.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/e5ba488a-b43d-4c5f-9716-4b24701999f3/

Credits

Drtime WPScan