Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= 1.1.0 versions.
Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions.