Lucene search
K

4 matches found

OSV
OSV
added 2022/02/01 1:15 p.m.3 views

CVE-2021-25097

The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication...

6.5CVSS6.7AI score0.00382EPSS
Exploits1References1
Prion
Prion
added 2022/02/01 1:15 p.m.16 views

Cross site request forgery (csrf)

The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication...

4CVSS6.4AI score0.00382EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/02/01 12:0 a.m.4 views

PT-2022-9652 · WordPress · Labtools

Name of the Vulnerable Software and Affected Versions: LabTools WordPress plugin versions 1.0 and earlier Description: The issue concerns a lack of proper authorization and CSRF check when deleting publications. This allows any authenticated users, such as subscribers, to delete arbitrary...

6.5CVSS6.4AI score0.00382EPSS
Exploits1References6
WPVulnDB
WPVulnDB
added 2021/12/28 12:0 a.m.15 views

LabTools <= 1.0 - Subscriber+ Arbitrary Publication Deletion

The plugin does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication PoC The PoC will be displayed once the issue has been remediated...

6.5CVSS4.3AI score0.00382EPSS
Exploits1Affected Software1
Rows per page
Query Builder