Zaran Shaikh

**Name of the Vulnerable Software and Affected Versions** Kirby version 2.5.12 **Description** The delete page functionality in Kirby suffers from a CSRF flaw, allowing a remote attacker to craft a malicious page and force the user to delete a page. **Recommendations** For Kirby version 2.5.12, consider disabling the delete page functionality until a patch is available to prevent exploitation of the CSRF flaw. Restrict access to the delete page feature to minimize the risk of unauthorized page deletion.

**Name of the Vulnerable Software and Affected Versions** Kirby version 2.5.12 **Description** The issue allows malicious HTTP requests to be sent, which can trick a user into adding web pages. **Recommendations** For Kirby version 2.5.12, at the moment, there is no information about a newer version that contains a fix for this issue.