Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.3
WordPress Court Reservation Plugin Deletes Events Without Permission
CVE-2026-1508
Summary
A logged-in admin's account can be tricked into deleting events. This could be done by an attacker with malicious intent. To protect your events, update the Court Reservation plugin to version 1.10.9 or later.
Original title
The Court Reservation WordPress plugin before 1.10.9 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete them via a CSRF attack
Original description
The Court Reservation WordPress plugin before 1.10.9 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete them via a CSRF attack
nvd CVSS3.1
4.3
Vulnerability type
CWE-352
Cross-Site Request Forgery (CSRF)
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026