Vulnerabilities > CVE-2021-25116 - Missing Authorization vulnerability in Enqueue Anything Project Enqueue Anything 1.0.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
The Enqueue Anything WordPress plugin through 1.0.1 does not have authorisation and CSRF checks in the remove_asset AJAX action, and does not ensure that the item to be deleted is actually an asset. As a result, low privilege users such as subscriber could delete arbitrary assets, as well as put arbitrary posts in the trash.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |