CVE-2021-25097

The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication...

CVE-2021-25097

The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication...

CVE-2021-25097

The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication...

CVE-2021-25097 LabTools <= 1.0 - Subscriber+ Arbitrary Publication Deletion

The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication...

PT-2022-9652 · WordPress · Labtools

Name of the Vulnerable Software and Affected Versions: LabTools WordPress plugin versions 1.0 and earlier Description: The issue concerns a lack of proper authorization and CSRF check when deleting publications. This allows any authenticated users, such as subscribers, to delete arbitrary...

CVE-2021-25097

The CVE-2021-25097 entry concerns LabTools WordPress plugin (versions ≤ 1.0). Affected component: publication deletion flow. Root cause: missing authorization checks and CSRF protection, permitting any authenticated user (e.g., subscribers) to delete arbitrary publications. Impact: unauthorized d...

WordPress 安全漏洞

WordPress plugin is an open source application plugin for WordPress. A security vulnerability exists in WordPress plugin LabTools 1.0 and earlier versions, which stems from a lack of proper authorization when deleting a posting, allowing any authenticated user e.g., a subscriber to delete arbitra...

LabTools <= 1.0 - Subscriber+ Arbitrary Publication Deletion

The plugin does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication The PoC will be displayed once the issue has been remediated...

LabTools <= 1.0 - Subscriber+ Arbitrary Publication Deletion

The plugin does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication PoC The PoC will be displayed once the issue has been remediated...

WordPress LabTools plugin <= 1.0 - Arbitrary Publication Deletion vulnerability

Arbitrary Publication Deletion vulnerability discovered by Muhammad Adel in WordPress LabTools plugin versions = 1.0. Solution Deactivate and delete. This plugin has been closed as of December 28, 2021 and is not available for download. This closure is temporary, pending a full review...