CVE-2021-25013
N/A
N/A
Summary
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubely_delete_saved_block AJAX action, and does not ensure that the block to be deleted belong to the plugin, as a result, any authenticated users, such as subscriber can delete arbitrary posts
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Qubely – Advanced Gutenberg Blocks | 1.7.8 < 1.7.8 | affected |
Weaknesses
- CWE-862: CWE-862 Missing Authorization
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.