- Lana Codes
- Common Vulnerabilities
WP Shamsi by wpvar <= 4.3.3 - Subscriber+ Attachment Deletion
LANACOMMONVDB ID: ea3b5bb4-d69a-4346-be3c-bd93cdb06ee8
The plugin has Cross-Site Request Forgery (CSRF) and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment.
You must be log in to view vulnerability details.
Or register a new account.