diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt
index b5f608624..a462918b0 100644
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@@ -9,6 +9,8 @@
  - fix: The upgrade script will remove any orphaned EventsCalendars and Events.
  - fix: Media Folder (perlDreamer Consulting, LLC)
+ - security: A vulnerability was found and fixed this morning that could allow a
+ malicious user to delete assets that they don't have rights to.
 7.3.7
diff --git a/lib/WebGUI/AssetTrash.pm b/lib/WebGUI/AssetTrash.pm
index c5c00008e..d0cb53c02 100644
--- a/lib/WebGUI/AssetTrash.pm
+++ b/lib/WebGUI/AssetTrash.pm
@@ -277,10 +277,9 @@ Purges a piece of content, including all it's revisions, from the system permane
 sub www_purgeList {
     my $self = shift;
-    return $self->session->privilege->insufficient() unless $self->canEdit;
     foreach my $id ($self->session->form->param("assetId")) {
         my $asset = WebGUI::Asset->newByDynamicClass($self->session,$id);
-        $asset->purge;
+        $asset->purge unless $asset->canEdit;
     }
     if ($self->session->form->process("proceed") ne "") {
         my $method = "www_".$self->session->form->process("proceed");
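Review bot: The per-asset check on the added line `$asset->purge unless $asset->canEdit;` is inverted: `unless` runs the purge only when canEdit is false, so assets the caller may edit are skipped and assets the caller may not edit are purged, the opposite of what the changelog entry in this commit describes. It should read `$asset->purge if $asset->canEdit;`. With the outer `return $self->session->privilege->insufficient() unless $self->canEdit;` removed, a request containing only non-editable assetIds now completes silently rather than returning a privilege error, so consider recording whether any asset was skipped and responding with `$self->session->privilege->insufficient()` in that case. If newByDynamicClass can return undef for an unknown or stale assetId, a `next unless defined $asset;` guard before the purge would avoid a method call on undef. www_purgeList continues past the end of the hunk.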