CVE-2021-25116

The Enqueue Anything WordPress plugin through 1.0.1 does not have authorisation and CSRF checks in the removeasset AJAX action, and does not ensure that the item to be deleted is actually an asset. As a result, low privilege users such as subscriber could delete arbitrary assets, as well as put...

WordPress plugin Enqueue Anything 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

PT-2022-9671 · WordPress · Enqueue Anything

Name of the Vulnerable Software and Affected Versions: Enqueue Anything WordPress plugin versions 1.0.0 through 1.0.1 Description: The issue is related to the lack of authorization and CSRF checks in the remove asset AJAX action. This allows low-privilege users, such as subscribers, to delete...