PT-2026-34863 · WordPress · Taqnix

Youcef Hamdani · Published 2026-04-24 · Updated 2026-04-25 · CVE-2026-3565

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Taqnix versions prior to 1.0.4

Description

The Taqnix plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF), a flaw where an attacker tricks a user into performing actions they did not intend to. This occurs because of missing nonce verification in the taqnix_delete_my_account() function, specifically where the check_ajax_referer() call is commented out. Unauthenticated attackers can exploit this to force logged-in non-administrator users to delete their own accounts by inducing them to click a malicious link or visit a compromised page.

Recommendations

Update to a version later than 1.0.3. As a temporary workaround, restrict access to the taqnix_delete_my_account() function until a patch is applied.
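
The missing check described above and its corrected form, as an added example. This is not the Taqnix plugin's own code: the `example_*` function, AJAX action, nonce and script names are hypothetical, and only the WordPress core calls are real.

```php
<?php
// Added illustration with hypothetical names; not Taqnix source code.

// BEFORE (the pattern the advisory describes): the nonce check is commented
// out, so the handler trusts any request that carries the user's cookies.
// Shown for comparison only and deliberately not registered on any hook.
function example_delete_my_account_unsafe() {
    // check_ajax_referer( 'example_delete_account', 'nonce' );
    require_once ABSPATH . 'wp-admin/includes/user.php';
    wp_delete_user( get_current_user_id() );
    wp_send_json_success();
}

// AFTER: the state-changing request must carry a per-user, per-action nonce.
function example_delete_my_account() {
    // Account deletion is never a GET side effect.
    if ( 'POST' !== ( $_SERVER['REQUEST_METHOD'] ?? '' ) ) {
        wp_send_json_error( array( 'message' => 'Method not allowed' ), 405 );
    }
    // Third argument false: return the result instead of die(), so the
    // handler decides the response. wp_send_json_error() ends the request.
    if ( ! check_ajax_referer( 'example_delete_account', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or expired nonce' ), 403 );
    }
    $user_id = get_current_user_id();
    if ( 0 === $user_id ) {
        wp_send_json_error( array( 'message' => 'Not logged in' ), 401 );
    }
    require_once ABSPATH . 'wp-admin/includes/user.php';
    if ( ! wp_delete_user( $user_id ) ) {
        wp_send_json_error( array( 'message' => 'Deletion failed' ), 500 );
    }
    wp_send_json_success();
}
// Logged-in users only: no wp_ajax_nopriv_ counterpart is registered.
add_action( 'wp_ajax_example_delete_my_account', 'example_delete_my_account' );

// Hand the nonce to the page that renders the delete button, so only a
// request built from that page can pass check_ajax_referer().
function example_enqueue_account_script() {
    wp_enqueue_script( 'example-account', plugins_url( 'account.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-account', 'exampleAccount', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_delete_account' ),
    ) );
}
add_action( 'wp_enqueue_scripts', 'example_enqueue_account_script' );
```

When auditing other handlers for the same weakness, look for `wp_ajax_` callbacks that change state without an active `check_ajax_referer()` or `wp_verify_nonce()` call.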

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2026-3565

Affected Products

Taqnix