CVE-2021-24318

CVE-2021-24318: Listeo < 1.6.11 - Multiple Authenticated IDOR Vulnerabilities

Vendor Purethemes

Product Listeo

Weakness CWE-284

Published June 1, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated users to delete arbitrary page/post and booking via an IDOR vector.

Key dates

02Disclosure timeline

June 1, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24318

Related vulnerabilities

CVE-2021-24318: Listeo < 1.6.11 - Multiple Authenticated IDOR Vulnerabilities

01Description

02Disclosure timeline

03References

04Related CVE