{"vulnerability": "cve-2021-24978", "sightings": [{"uuid": "f6865500-9355-4fe2-82ec-04bf80345cc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24978", "type": "seen", "source": "https://t.me/cibsecurity/39674", "content": "\u203c CVE-2021-24978 \u203c\n\nThe OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wp_ajax_nopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete is a map one. As a result, unauthenticated user can delete arbitrary posts from the blog\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-28T22:42:06.000000Z"}]}