Lucene search
+L

9 matches found

CNVD
CNVD
added 2021/11/10 12:0 a.m.53 views

WordPress Plugin Access Control Error Vulnerability (CNVD-2021-101476)

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is a WordPress open source application plugin. access control error vulnerability in Wordpress...

4.3CVSS2AI score0.00654EPSS
Exploits2References1
OSV
OSV
added 2021/11/08 6:15 p.m.6 views

CVE-2021-24816

The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own...

4.3CVSS5.8AI score0.00654EPSS
Exploits2References1
NVD
NVD
added 2021/11/08 6:15 p.m.21 views

CVE-2021-24816

The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own...

4.3CVSS0.00654EPSS
Exploits2References1
Prion
Prion
added 2021/11/08 6:15 p.m.17 views

Buffer overflow

The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own...

4CVSS4.6AI score0.00654EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2021/11/08 5:35 p.m.45 views

CVE-2021-24816

The CVE-2021-24816 entry concerns the WordPress plugin Phoenix Media Rename (versions prior to 3.4.4). The underlying issue is missing capability checks in the phoenix_media_rename AJAX action, allowing users with Author roles to rename any uploaded media files, including those they do not own. I...

4.3CVSS4.4AI score0.00654EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/11/08 5:35 p.m.30 views

CVE-2021-24816 Phoenix Media Rename < 3.4.4 - Author Arbitrary Media File Renaming

The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own...

4.9AI score0.00654EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/11/08 12:0 a.m.6 views

WordPress 插件访问控制错误漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is a WordPress open source application plugin. access control error vulnerability in Wordpress...

4.3CVSS5.7AI score0.00654EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2021/10/06 12:0 a.m.17 views

Phoenix Media Rename < 3.4.4 - Author Arbitrary Media File Renaming

The plugin does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own. PoC As an Author, go to the page to edit one of your own Media ie /wp-admin/post.php?post=1993=edit, whic...

4.3CVSS3.1AI score0.00654EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2021/10/06 12:0 a.m.818 views

Phoenix Media Rename < 3.4.4 - Author Arbitrary Media File Renaming

The plugin does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own. As an Author, go to the page to edit one of your own Media ie /wp-admin/post.php?post=1993&action=edit,...

4.3CVSS1.4AI score0.00654EPSS
Exploits2
Rows per page
Query Builder