Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:24 p.m.10 views

CVE-2021-25013

The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubelydeletesavedblock AJAX action, and does not ensure that the block to be deleted belong to the plugin, as a result, any authenticated users, such as subscriber can delete arbitrary posts...

6.5CVSS6.7AI score0.00429EPSS
Exploits2References1
OSV
OSV
added 2022/01/24 8:15 a.m.4 views

CVE-2021-25013

The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubelydeletesavedblock AJAX action, and does not ensure that the block to be deleted belong to the plugin, as a result, any authenticated users, such as subscriber can delete arbitrary posts...

6.5CVSS6.7AI score0.00429EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/01/24 8:1 a.m.25 views

CVE-2021-25013 Qubely < 1.7.8 - Subscriber+ Arbitrary Post Deletion

The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubelydeletesavedblock AJAX action, and does not ensure that the block to be deleted belong to the plugin, as a result, any authenticated users, such as subscriber can delete arbitrary posts...

6.6AI score0.00429EPSS
Exploits2References1
CVE
CVE
added 2022/01/24 8:1 a.m.54 views

CVE-2021-25013

CVE-2021-25013 affects the WordPress plugin Qubely prior to version 1.7.8. The issue is missing authorization and CSRF checks on the qubely_delete_saved_block AJAX action and failure to verify that the block to be deleted belongs to the plugin, enabling any authenticated user (e.g., a subscriber)...

6.5CVSS6.4AI score0.00429EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder