Medium severity5.3NVD Advisory· Published Mar 4, 2026· Updated Apr 22, 2026
CVE-2026-1980
CVE-2026-1980
Description
The WPBookit plugin for WordPress is vulnerable to unauthorized data disclosure due to a missing authorization check on the 'get_customer_list' route in all versions up to, and including, 1.0.8. This makes it possible for unauthenticated attackers to retrieve sensitive customer information including names, emails, phone numbers, dates of birth, and gender.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
4- plugins.trac.wordpress.org/browser/wpbookit/tags/1.0.8/core/admin/classes/class.wpb-admin-routes.phpnvd
- plugins.trac.wordpress.org/browser/wpbookit/trunk/core/admin/classes/class.wpb-admin-routes.phpnvd
- plugins.trac.wordpress.org/changesetnvd
- www.wordfence.com/threat-intel/vulnerabilities/id/a1867c79-29d7-46a4-bfaf-c65e8a44c2ednvd
News mentions
0No linked articles in our index yet.