VYPR
Unrated severityNVD Advisory· Published Jan 24, 2022· Updated Aug 3, 2024

Qubely < 1.7.8 - Subscriber+ Arbitrary Post Deletion

CVE-2021-25013

Description

The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubely_delete_saved_block AJAX action, and does not ensure that the block to be deleted belong to the plugin, as a result, any authenticated users, such as subscriber can delete arbitrary posts

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.