CVE-2021-25097

MEDIUM

LabTools < 1.0 - Authenticated Cross-Site Request Forgery in Publication Deletion

Description

The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF checks in place when deleting publications, allowing any authenticated user, such as a subscriber, to delete arbitrary publications.

Scores

CVSS v3: 6.5
EPSS: 0.0038
EPSS Percentile: 30.0%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE: CWE-352, CWE-863
Status: published
Products (1): creativityjuice/labtools < 1.0
Published: Feb 01, 2022
Tracked Since: Feb 18, 2026