Search
Find a vulnerability
Search criteria
2 vulnerabilities found for LabTools by Unknown
CVE-2021-25097 (GCVE-0-2021-25097)
Vulnerability from nvd – Published: 2022-02-01 00:00 – Updated: 2024-08-03 19:56
VLAI
EPSS
VEX
Title
LabTools <= 1.0 - Subscriber+ Arbitrary Publication Deletion
Summary
The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication
Severity
No CVSS data available.
Assigner
References
1 reference
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/67f5beb8-2cb0-4b43-87c7-dead9c005f9c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LabTools",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Muhammad Adel"
}
],
"descriptions": [
{
"lang": "en",
"value": "The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-07T00:00:00.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"url": "https://wpscan.com/vulnerability/67f5beb8-2cb0-4b43-87c7-dead9c005f9c"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "LabTools \u003c= 1.0 - Subscriber+ Arbitrary Publication Deletion",
"x_generator": "WPScan CVE Generator"
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25097",
"datePublished": "2022-02-01T00:00:00.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25097 (GCVE-0-2021-25097)
Vulnerability from cvelistv5 – Published: 2022-02-01 00:00 – Updated: 2024-08-03 19:56
VLAI
EPSS
VEX
Title
LabTools <= 1.0 - Subscriber+ Arbitrary Publication Deletion
Summary
The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication
Severity
No CVSS data available.
Assigner
References
1 reference
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/67f5beb8-2cb0-4b43-87c7-dead9c005f9c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LabTools",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Muhammad Adel"
}
],
"descriptions": [
{
"lang": "en",
"value": "The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-07T00:00:00.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"url": "https://wpscan.com/vulnerability/67f5beb8-2cb0-4b43-87c7-dead9c005f9c"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "LabTools \u003c= 1.0 - Subscriber+ Arbitrary Publication Deletion",
"x_generator": "WPScan CVE Generator"
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25097",
"datePublished": "2022-02-01T00:00:00.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}