CVE-2021-24318

Name of the Vulnerable Software and Affected Versions Listeo WordPress theme versions prior to 1.6.11

Description The issue allows any authenticated users to delete arbitrary pages/posts and bookings via an IDOR vector because it does not ensure that the post/page and booking to be deleted belong to the user making the request.

Recommendations For versions prior to 1.6.11, update to version 1.6.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the delete functionality for posts, pages, and bookings to minimize the risk of exploitation.