3 matches found
CVE-2021-24639
The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgfajaxemptydir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server...
CVE-2021-24639 OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder Deletion
The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgfajaxemptydir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server...
CVE-2021-24639
CVE-2021-24639 affects the OMGF WordPress plugin (versions before 4.5.4). The vulnerability is in the omgf_ajax_empty_dir AJAX action, which does not enforce path validation, authorization, or CSRF checks, allowing any authenticated user to delete arbitrary files or folders on the server. Remedia...