4 matches found
WordPress Comment Images Reloaded plugin <= 2.2.1 - Authenticated (Subscriber+) Arbitrary Media Deletion vulnerability
Authenticated Subscriber+ Arbitrary Media Deletion vulnerability discovered by Lucio Sá in WordPress Plugin Comment Images Reloaded versions <= 2.2.1...
CVE-2024-5856
The Comment Images Reloaded plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the cir_delete_image AJAX action in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
PT-2024-37195 · WordPress · Comment Images Reloaded
Name of the Vulnerable Software and Affected Versions: Comment Images Reloaded plugin for WordPress versions up to, and including, 2.2.1
Description: The issue is related to a missing capability check on the cir_delete_image AJAX action. This allows authenticated attackers with Subscriber-level...
WordPress Comment Images Reloaded Plugin <= 2.2.1 is vulnerable to Broken Access Control
Software: Comment Images Reloaded; Type: Plugin; Vulnerable versions: <= 2.2.1; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-5856; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: a3534aef50ef; Credits: Lucio Sá; Required...