CVE-2021-25093

CWE-862 — Missing Authorization3 documents3 sources

Severity

7.5HIGH

EPSS

0.6%

top 30.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Link Library Ylefebvre Link Library

Timeline

PublishedFeb 1

Latest updateFeb 2

Description

The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5unknown/link_library7.2.8 — 7.2.8

▶NVDylefebvre/link_library< 7.2.8

🔴Vulnerability Details

GHSA

GHSA-4j83-364h-wcgq: The Link Library WordPress plugin before 7↗2022-02-02

▶

CVEList

Link Library < 7.2.8 - Unauthenticated Arbitrary Links Deletion↗2022-02-01

▶