CVE-2021-25013

🗓️ 24 Jan 2022 08:01:08Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 47 Views🌐 WEB

The Qubely WordPress plugin before 1.7.8 allows arbitrary post deletio

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2021-25013	24 Jan 202212:17	–	circl
CNNVD	WordPress 跨站请求伪造漏洞	24 Jan 202200:00	–	cnnvd
CNVD	WordPress Qubely plugin cross-site request forgery vulnerability	26 Jan 202200:00	–	cnvd
Cvelist	CVE-2021-25013 Qubely < 1.7.8 - Subscriber+ Arbitrary Post Deletion	24 Jan 202208:01	–	cvelist
EUVD	EUVD-2021-11925	7 Oct 202500:30	–	euvd
NVD	CVE-2021-25013	24 Jan 202208:15	–	nvd
OSV	CVE-2021-25013	24 Jan 202208:15	–	osv
Patchstack	WordPress Qubely – Advanced Gutenberg Blocks plugin <= 1.7.7 - Authenticated Post Deletion vulnerability	20 Dec 202100:00	–	patchstack
Prion	Cross site request forgery (csrf)	24 Jan 202208:15	–	prion
Positive Technologies	PT-2022-9570 · WordPress · Qubely	24 Jan 202200:00	–	ptsecurity

NVD

Vulners

Node

themeum qubelyRange<1.7.8wordpress

[
  {
    "product": "Qubely – Advanced Gutenberg Blocks",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.7.8",
        "status": "affected",
        "version": "1.7.8",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/e88b7a70-ee71-439f-b3c6-0300adb980b0

Parameter	Position	Path	Description	CWE
action	request body	wp-admin/admin-ajax.php	AJAX endpoint qubely_delete_saved_block lacks authorization/CSRF checks, allowing authenticated users to delete arbitrary blocks.	CWE-352, CWE-862
block_id	request body	wp-admin/admin-ajax.php	AJAX endpoint qubely_delete_saved_block lacks authorization/CSRF checks, allowing authenticated users to delete arbitrary blocks.	CWE-352, CWE-862

21 Nov 2024 05:54Current

6.4Medium risk

Vulners AI Score6.4

CVSS 24

CVSS 3.16.5

EPSS0.00118