CVE-2026-1980

Name of the Vulnerable Software and Affected Versions WPBookit versions up to and including 1.0.8

Description The WPBookit plugin for WordPress has a flaw that allows unauthorized disclosure of customer data. This is due to a missing authorization check on the /get customer list API endpoint. An unauthenticated attacker can retrieve sensitive customer information, including names, emails, phone numbers, dates of birth, and gender.

Recommendations Update WPBookit to a version newer than 1.0.8.