WordPress · Wpbookit · CVE-2026-1980
**Name of the Vulnerable Software and Affected Versions**
WPBookit versions up to and including 1.0.8
**Description**
The WPBookit plugin for WordPress has a flaw that allows unauthorized disclosure of customer data. This is due to a missing authorization check on the `/get customer list` API endpoint. An unauthenticated attacker can retrieve sensitive customer information, including names, emails, phone numbers, dates of birth, and gender.
**Recommendations**
Update WPBookit to a version newer than 1.0.8.