Security Advisory

CVE-2021-24318

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-06-01 11:33:30

Last updated 2024-08-03 19:28:23

Assigner WPScan

State PUBLISHED

Description

The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated users to delete arbitrary page/post and booking via an IDOR vector.

← Browse all CVEs View on cve.org ↗