Vulnerabilities

CVE-2026-1980 - WPBookit <= 1.0.8 - missing authorization to unauthenticated sensitive customer d...

2026-03-04 0 views admin

CVE ID : CVE-2026-1980 Published : March 4, 2026, 1:21 a.m. | 1 hour, 1 minute ago Description : The WPBookit plugin for WordPress is vulnerable to unauthorized data disclosure due to a missing authorization check on the 'get_customer_list' route in all versions up to, and including, 1.0.8. This makes it possible for unauthenticated attackers to retrieve sensitive customer information including names, emails, phone numbers, dates of birth, and gender. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-1980

Published

March 4, 2026

Affected Product: WordPress

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-1980wordpress

CVE-2026-1980 - WPBookit <= 1.0.8 - missing authorization to unauthenticated sensitive customer d...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-3240 - Concrete CMS below 9.4.8 is vulnerable to Stored XSS via Legacy form

CVE-2026-2994 - Concrete CMS below 9.4.8 is vulnerable to CSRF by a Rogue Admin using the Anti-Sp...

CVE-2026-3242 - Concrete CMS below 9.4.8 is vulnerable to Stored XSS in the Switch Language block

CVE-2026-3241 - Concrete CMS below version 9.4.8 is vulnerable to a stored cross-site scripting (...

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting