CVE-2026-1508

MEDIUM 4.3

Court Reservation < 1.10.9 - Event Deletion via CSRF

CVSS Score

4.3

EPSS Score

0.0%

EPSS Percentile

0th

The Court Reservation WordPress plugin before 1.10.9 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete them via a CSRF attack

Vendor	unknown
Product	court reservation
Published	Mar 10, 2026
Last Updated	Mar 10, 2026

Stay Ahead of the Next One

Get instant alerts for unknown court reservation

Be the first to know when new medium vulnerabilities affecting unknown court reservation are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / Court Reservation

0 < 1.10.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/fc1d577b-abf9-4c15-a96d-14ebd894debc/

Credits

Bob Matyas WPScan