Unrated severityNVD Advisory· Published Jan 24, 2022· Updated Aug 3, 2024
Qubely < 1.7.8 - Subscriber+ Arbitrary Post Deletion
CVE-2021-25013
Description
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubely_delete_saved_block AJAX action, and does not ensure that the block to be deleted belong to the plugin, as a result, any authenticated users, such as subscriber can delete arbitrary posts
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <1.7.8
Package: https://wordpress.org/plugins/qubely
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/e88b7a70-ee71-439f-b3c6-0300adb980b0mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.