The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting customers, which could allow attackers to make a logged in admin delete arbitrary customers via a CSRF attackCreditsMuhamad HidayatReferenceshttps://wpscan.com/vulnerability/7c63d76e-34ca-4778-8784-437d446c16e0
