CVE-2026-1983
CSRF Vulnerability in SEATT WordPress Plugin Allows Event Deletion
Publication date: 2026-02-14
Last updated on: 2026-02-14
Assigner: Wordfence
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordfence | simple_event_attendance | up to and including 1.5.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability affects the Simple Event Attendance (SEATT) plugin for WordPress, versions up to and including 1.5.0. It is a Cross-Site Request Forgery (CSRF) issue caused by missing nonce validation on the event deletion functionality.
This means that an attacker can trick an administrator into performing an unwanted action, for example by getting them to click a malicious link while logged in, which then causes the deletion of arbitrary events without the administrator's explicit consent.
How can this vulnerability impact me?
This vulnerability allows unauthenticated attackers to delete events from the SEATT plugin by exploiting the lack of nonce validation in the event deletion process.
If an administrator is tricked into clicking a malicious link, events can be removed without authorization, potentially causing loss of important event data and disruption of event management.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the Simple Event Attendance WordPress plugin allowing unauthenticated deletion of events via forged requests due to missing nonce validation. Detection involves monitoring for suspicious HTTP GET requests targeting the event deletion functionality, specifically requests containing parameters like 'remove_event' and 'event_id' in the URL.
You can detect potential exploitation attempts by inspecting web server logs for GET requests to the WordPress admin interface that include these parameters without proper authentication or nonce tokens.
Example commands to search for suspicious requests in Apache or Nginx logs might include:
- `grep 'remove_event' /var/log/apache2/access.log`
- `grep 'remove_event' /var/log/nginx/access.log`
- `grep 'event_id' /var/log/apache2/access.log | grep 'remove_event'`
- `grep 'event_id' /var/log/nginx/access.log | grep 'remove_event'`
Additionally, monitoring for unexpected deletions of events in the WordPress admin interface or database changes to the 'seatt_events' and 'seatt_attendees' tables can help detect exploitation.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this Cross-Site Request Forgery vulnerability in the Simple Event Attendance plugin, immediate steps include:
- Restrict access to the WordPress admin interface to trusted users only and ensure administrators are aware not to click on suspicious links.
- Apply any available updates or patches from the plugin developer that add nonce validation or otherwise fix the vulnerability.
- If no patch is available, consider temporarily disabling or removing the Simple Event Attendance plugin until a fix is released.
- Implement web application firewall (WAF) rules to block suspicious requests containing 'remove_event' parameters or unexpected event deletion attempts.
- Educate administrators about the risk of CSRF attacks and encourage use of security best practices such as logging out of admin sessions when not in use.