CVE-2021-41975
7.5 HIGHTadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary fil...
Published: 2021-10-08 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CWE
- CWE-285, CWE-306
Affected products
| Vendor | Product |
|---|---|
| tadtools_project | tadtools |
Description
TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary files in the system without logging in.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2021-41566 — The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute ... (9.8 CRITICAL)
- CVE-2021-41565 — TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript ... (6.1 MEDIUM)
Same CWE
- CVE-2026-0647 — An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server
- CVE-2018-25437 — WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download... (7.5 HIGH)
- CVE-2026-12213 — A vulnerability was found in hcengineering Huly Platform up to 0.7.0 (4.3 MEDIUM)
- CVE-2026-12204 — A vulnerability was determined in ShopXO up to 6.7.1 (7.3 HIGH)
- CVE-2026-12190 — A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android (5.3 MEDIUM)