CVE-2021-25098

Summary

The Pricing Tables WordPress Plugin WordPress plugin before 3.1.3 does not verify the CSRF nonce when removing posts, allowing attackers to make a logged in admin remove arbitrary posts from the blog via a CSRF attack, which will be put in the trash

Affected Software

VendorProductVersion RangeStatus
UnknownPricing Tables WordPress Plugin – Easy Pricing Tables3.1.3 < 3.1.3affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

References