CVE-2025-12685

Name of the Vulnerable Software and Affected Versions WPBookit versions through 1.0.7

Description The WPBookit WordPress plugin does not properly validate Cross-Site Request Forgery (CSRF) tokens when deleting customer data. This allows an attacker, without needing to be logged in, to delete any customer record by exploiting a CSRF attack. The vulnerable operation involves deleting customers.

Recommendations Update WPBookit to a version later than 1.0.7.