
Drtime

#21014 of 53,624
11.8 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2026-1050
6.5
2026-01-02
WordPress · Wpbookit · CVE-2025-12685
**Name of the Vulnerable Software and Affected Versions**
WPBookit versions through 1.0.7

**Description**
The WPBookit WordPress plugin does not properly validate Cross-Site Request Forgery (CSRF) tokens when deleting customer data. This allows an attacker, without needing to be logged in, to delete any customer record through a CSRF attack. The vulnerable operation involves deleting customers.

**Recommendations**
Update WPBookit to a version later than 1.0.7.
PT-2025-54283
5.3
2025-12-31
WordPress · The Ultimate Post Kit Addons For Elementor · CVE-2025-14434
**Name of the Vulnerable Software and Affected Versions**
The Ultimate Post Kit Addons for Elementor WordPress plugin versions prior to 4.0.16

**Description**
The plugin has multiple AJAX “load more” endpoints, including `upk alex grid loadmore posts`, that do not properly verify post publication status before displaying content. This allows attackers without authentication to access and retrieve rendered HTML content of private and unpublished posts.

**Recommendations**
Update to version 4.0.16 or later.