CVE-2021-25073
CVE-2021-25073 affects the WP125 WordPress plugin prior to version 1.5.5. The root cause is missing CSRF checks in multiple actions (e.g., deleting an ad), which enables an attacker to induce a logged-in administrator to perform unwanted deletions via CSRF. Documents describe an exploitation path...