PT-2026-24179 · WordPress · Court Reservation
Bob Matyas
·
Published
2026-03-10
·
Updated
2026-03-10
·
CVE-2026-1508
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Court Reservation WordPress plugin versions prior to 1.10.9
Description
The Court Reservation WordPress plugin does not include a Cross-Site Request Forgery (CSRF) check when deleting events. This could allow an attacker to make a logged-in administrator delete events through a CSRF attack. The affected functionality involves event deletion.
Recommendations
Update the Court Reservation WordPress plugin to version 1.10.9 or later.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Court Reservation