Lucene search
Apple502jWPEX-ID:4B4E417D-0AE2-4C3C-81E6-4DCF39EB5697HistoryOct 28, 2021 - 12:00 a.m.
URL Shortify < 1.5.1 - Arbitrary Link/Group Deletion via CSRF
2021-10-2800:00:00
apple502j
92
url shortify csrf exploit
arbitrary deletion
bulk delete
EPSS
0.001
Percentile
27.6%
The plugin does not have CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged in admin delete arbitrary link and group via a CSRF attack.
https://example.com/wp-admin/admin.php?page=us_links&action=bulk_delete&link_ids[]=1
https://example.com/wp-admin/admin.php?page=us_groups&action=bulk_delete&group_ids[]=1Related
prion
prion
Cross site request forgery (csrf)
2021-11-29 09:15:00
cve
cve
CVE-2021-24749
2021-11-29 09:15:07
cvelist
cvelist
CVE-2021-24749 URL Shortify < 1.5.1 - Arbitrary Link/Group Deletion via CSRF
2021-11-29 08:25:32
nvd
nvd
CVE-2021-24749
2021-11-29 09:15:07
wpvulndb
wpvulndb
URL Shortify < 1.5.1 - Arbitrary Link/Group Deletion via CSRF
2021-10-28 00:00:00