The Enqueue Anything WordPress plugin through 1.0.1 lacks authorisation and CSRF checks, allowing low privilege users to delete arbitrary assets and put posts in the trash
Reporter | Title | Published | Views | Family All 7 |
---|---|---|---|---|
![]() | Enqueue Anything <= 1.0.1 - Subscriber+ Arbitrary Asset/Post Deletion | 17 May 202200:00 | β | wpexploit |
![]() | WordPress Enqueue Anything plugin <= 1.0.1 - Arbitrary Asset/Post Deletion vulnerability | 17 May 202200:00 | β | patchstack |
![]() | WordPress Enqueue Anything pluginθ·¨η«θ―·ζ±δΌͺι ζΌζ΄ | 15 Jun 202200:00 | β | cnvd |
![]() | Enqueue Anything <= 1.0.1 - Subscriber+ Arbitrary Asset/Post Deletion | 17 May 202200:00 | β | wpvulndb |
![]() | CVE-2021-25116 | 13 Jun 202213:15 | β | cve |
![]() | CVE-2021-25116 Enqueue Anything <= 1.0.1 - Subscriber+ Arbitrary Asset/Post Deletion | 13 Jun 202212:41 | β | cvelist |
![]() | Cross site request forgery (csrf) | 13 Jun 202213:15 | β | prion |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo