Link Library < 7.2.8 – Unauthenticated Arbitrary Links Deletion | CVE 2021-25093

Affects Plugins

link-library

Fixed in 7.2.8

References

CVE

CVE-2021-25093

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

CVSS

5.3 (medium)

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website

https://kazet.cc/

Verified

Yes

WPVDB ID

7a7603ce-d76d-4c49-a886-67653bed8cd3

Timeline

Publicly Published

2021-12-30 (about 4 years ago)

Added

2021-12-30 (about 4 years ago)

Last Updated

2022-04-13 (about 3 years ago)

Other

Published

Title

Published

2025-07-16

Title

The Plus Addons for Elementor Pro < 6.3.7 - Missing Authorization

Published

2023-08-24

Title

Secure Admin IP <= 2.0 - Missing Authorization via 'saveSettings'

Published

2023-11-07

Title

MSHOP MY SITE < 1.1.8 - Subscriber+ Settings Update

Published

2025-12-15

Title

User Extra Fields < 16.9 - Missing Authorization

Published

2025-12-04

Title

Happy Addons for Elementor < 3.20.4 - Missing Authorization