4 matches found
CVE-2021-25013
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubelydeletesavedblock AJAX action, and does not ensure that the block to be deleted belong to the plugin, as a result, any authenticated users, such as subscriber can delete arbitrary posts...
CVE-2021-25013
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubelydeletesavedblock AJAX action, and does not ensure that the block to be deleted belong to the plugin, as a result, any authenticated users, such as subscriber can delete arbitrary posts...
CVE-2021-25013 Qubely < 1.7.8 - Subscriber+ Arbitrary Post Deletion
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubelydeletesavedblock AJAX action, and does not ensure that the block to be deleted belong to the plugin, as a result, any authenticated users, such as subscriber can delete arbitrary posts...
CVE-2021-25013
CVE-2021-25013 affects the WordPress plugin Qubely prior to version 1.7.8. The issue is missing authorization and CSRF checks on the qubely_delete_saved_block AJAX action and failure to verify that the block to be deleted belongs to the plugin, enabling any authenticated user (e.g., a subscriber)...