2 matches found
CVE-2025-10749
CVE-2025-10749 describes a vulnerability in the Microsoft Azure Storage for WordPress plugin (all versions up to 4.5.1) where missing capability checks on the azure-storage-media-replace AJAX action allow authenticated users with subscriber-level access or higher to delete arbitrary media in the ...
CVE-2025-10749 Microsoft Azure Storage for WordPress <= 4.5.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Media Deletion
The Microsoft Azure Storage for WordPress plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Deletion in all versions up to, and including, 4.5.1. This is due to missing capability checks on the 'azure-storage-media-replace' AJAX action. This makes it possible for authenticated...