CVE-2021-25098

Name of the Vulnerable Software and Affected Versions The Pricing Tables WordPress Plugin versions prior to 3.1.3

Description The issue allows attackers to make a logged-in admin remove arbitrary posts from the blog via a CSRF attack. The removed posts will be put in the trash. This is possible because the plugin does not verify the CSRF nonce when removing posts.

Recommendations For versions prior to 3.1.3, update to version 3.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the post removal functionality to minimize the risk of exploitation.