9 matches found
WordPress Plugin Access Control Error Vulnerability (CNVD-2021-101476)
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is a WordPress open source application plugin. access control error vulnerability in Wordpress...
CVE-2021-24816
The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own...
CVE-2021-24816
The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own...
Buffer overflow
The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own...
CVE-2021-24816
The CVE-2021-24816 entry concerns the WordPress plugin Phoenix Media Rename (versions prior to 3.4.4). The underlying issue is missing capability checks in the phoenix_media_rename AJAX action, allowing users with Author roles to rename any uploaded media files, including those they do not own. I...
CVE-2021-24816 Phoenix Media Rename < 3.4.4 - Author Arbitrary Media File Renaming
The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own...
WordPress 插件访问控制错误漏洞
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is a WordPress open source application plugin. access control error vulnerability in Wordpress...
Phoenix Media Rename < 3.4.4 - Author Arbitrary Media File Renaming
The plugin does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own. PoC As an Author, go to the page to edit one of your own Media ie /wp-admin/post.php?post=1993=edit, whic...
Phoenix Media Rename < 3.4.4 - Author Arbitrary Media File Renaming
The plugin does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own. As an Author, go to the page to edit one of your own Media ie /wp-admin/post.php?post=1993&action=edit,...