by Etheryte 478 days ago
I'm not familiar with the context here, could you please elaborate? If I understood correctly, any unauthenticated user can delete the webhook? I can currently find hundreds of matches for that on GitHub, anyone could just go and delete them all?

In many cases the necessary authentication string is present within the webhook URL itself (which you're supposed to keep secret). By possessing the URL, you've proven you're authorized to use it, and with Discord that also means you're authorized to remove it.

In other cases you may need additional headers to authenticate, but if the script you've found contains the URL, it probably also contains the auth header too.

Yep, anyone can delete a Discord webhook if they have the URL.

All you do is send a DELETE request to the URL.
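
Since the replies above describe the webhook URL as the credential itself, one defensive check is to keep such URLs out of committed files. The following is an added example, not part of the thread: a small Python scanner that flags Discord webhook URLs in text and redacts the token part. The URL pattern (`/api/webhooks/<id>/<token>` on discord.com or discordapp.com), the function names and the sample strings are assumptions constructed for illustration.

```python
import re
import sys

# Assumed URL shape: https://discord.com/api/webhooks/<numeric id>/<token>,
# optionally on discordapp.com, a ptb./canary. subdomain, or with /v<N>/.
WEBHOOK_RE = re.compile(
    r"https://(?:(?:ptb|canary)\.)?discord(?:app)?\.com/api/(?:v\d+/)?"
    r"webhooks/(\d+)/([A-Za-z0-9_-]+)"
)

def _redacted(match):
    """Return the matched URL with the token (group 2) replaced."""
    prefix_len = match.start(2) - match.start(0)
    return match.group(0)[:prefix_len] + "<redacted>"

def find_webhooks(text):
    """Return (line_number, webhook_id, redacted_url) for every hit in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in WEBHOOK_RE.finditer(line):
            findings.append((lineno, m.group(1), _redacted(m)))
    return findings

def redact(text):
    """Return text with every webhook token replaced, e.g. before sharing logs."""
    return WEBHOOK_RE.sub(_redacted, text)

# Constructed sample input; the IDs and tokens are not real webhooks.
SAMPLE = '''\
import requests
HOOK = "https://discord.com/api/webhooks/123456789012345678/CONSTRUCTED-token_value"
ALT = "https://canary.discordapp.com/api/v10/webhooks/42/abcDEF"
DOCS = "https://discord.com/developers/docs/resources/webhook"
'''

if __name__ == "__main__":
    # Usage: python scan_webhooks.py FILE...  (exit status 1 if anything is found)
    status = 0
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for lineno, hook_id, url in find_webhooks(fh.read()):
                print(f"{path}:{lineno}: webhook {hook_id}: {url}")
                status = 1
    sys.exit(status)
```

Run as a pre-commit step over staged files, a non-zero exit blocks the commit; a webhook that has already been pushed should be deleted and recreated, since the old URL remains valid for anyone who copied it.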