cve/2021/CVE-2021-25097.md

### [CVE-2021-25097](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25097)
![](https://img.shields.io/static/v1?label=Product&message=LabTools&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=1.0%3C%3D%201.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%20Incorrect%20Authorization&color=brighgreen)

### Description

The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication

### POC

#### Reference
- https://wpscan.com/vulnerability/67f5beb8-2cb0-4b43-87c7-dead9c005f9c

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2021-25097](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25097)`
			`![](https://img.shields.io/static/v1?label=Product&message=LabTools&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=1.0%3C%3D%201.0%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%20Incorrect%20Authorization&color=brighgreen)`

			`### Description`

			`The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication`

			`### POC`

			`#### Reference`
			`- https://wpscan.com/vulnerability/67f5beb8-2cb0-4b43-87c7-dead9c005f9c`

			`#### Github`
			`No PoCs found on GitHub currently.`