The ArtPlacer Widget WordPress plugin before 2.21.2 does not have authorisation check in place when deleting widgets, allowing ay authenticated users, such as subscriber, to delete arbitrary widgets
[
{
"cpes": [
"cpe:2.3:a:artplacer:artplacer_widget:*:*:*:*:*:wordpress:*:*"
],
"vendor": "artplacer",
"product": "artplacer_widget",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "2.21.2",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]