EUVD-2026-25405
GHSA-g4r7-2w2r-848v
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to a missing nonce verification in the taqnix_delete_my_account() function, where the check_ajax_referer() call is explicitly commented out on line 883. This makes it possible for unauthenticated attackers to trick a logged-in non-administrator user into deleting their own account via a forged request granted they can trick the user into performing an action such as clicking a link or visiting a malicious page.
AnalysisAI
Cross-Site Request Forgery (CSRF) in Taqnix WordPress plugin versions up to 1.0.3 allows unauthenticated attackers to trick logged-in users into deleting their own accounts via a forged request. The vulnerability stems from a commented-out nonce verification check in the taqnix_delete_my_account() function, making account deletion unprotected against CSRF attacks. …
Sign in for full analysis, threat intelligence, and remediation guidance.
More from same product – last 7 days
Arbitrary file upload in Breeze Cache for WordPress allows unauthenticated remote attackers to upload malicious files an
The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some P
Stored XSS vulnerability in Check & Log Email WordPress plugin before version 2.0.13 allows authenticated users with low
Authenticated attackers with Subscriber-level privileges can escalate to Administrator role in Highland Software Custom
The LatePoint - Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Esca
Share
External POC / Exploit Code
Leaving vuln.today