CVE-2021-25073

🗓️ 24 Jan 2022 08:01:21Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 45 Views🌐 WEB

The WP125 plugin before 1.5.5 in WordPress allows CSRF attacks for admin account deletion

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2021-25073	1 Feb 202218:48	–	circl
CNNVD	WordPress plugin 跨站请求伪造漏洞	24 Jan 202200:00	–	cnnvd
CNVD	WordPress WP125 plugin cross-site request forgery vulnerability	26 Jan 202200:00	–	cnvd
Cvelist	CVE-2021-25073 WP125 < 1.5.5 - Arbitrary Ad Deletion via CSRF	24 Jan 202208:01	–	cvelist
EUVD	EUVD-2021-11985	7 Oct 202500:30	–	euvd
NVD	CVE-2021-25073	24 Jan 202208:15	–	nvd
Prion	Cross site request forgery (csrf)	24 Jan 202208:15	–	prion
RedhatCVE	CVE-2021-25073	22 May 202519:24	–	redhatcve
wpexploit	WP125 < 1.5.5 - Arbitrary Ad Deletion via CSRF	23 Dec 202100:00	–	wpexploit
WPVulnDB	WP125 < 1.5.5 - Arbitrary Ad Deletion via CSRF	23 Dec 202100:00	–	wpvulndb

NVD

Vulners

Node

webmaster-source wp125Range<1.5.5wordpress

[
  {
    "product": "WP125",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.5.5",
        "status": "affected",
        "version": "1.5.5",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/922a2037-9b5e-4c94-83d9-99efc494e9e2
plugins	www.plugins.trac.wordpress.org/changeset/2647594

Parameter	Position	Path	Description	CWE
deletead	query param	/wp-admin/admin.php?page=wp125_addedit&deletead=1	CSRF vulnerability allowing an admin to delete ads via crafted requests without CSRF protection	CWE-352
page	query param	/wp-admin/admin.php?page=wp125_addedit&deletead=1	CSRF vulnerability allowing an admin to delete ads via crafted requests without CSRF protection	CWE-352

21 Nov 2024 05:54Current

8.6High risk

Vulners AI Score8.6

CVSS 26.8

CVSS 3.18.8

EPSS0.00109

CWE-352