2 matches found
CVE-2021-24816
The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own...
CVE-2021-24816
The CVE-2021-24816 entry concerns the WordPress plugin Phoenix Media Rename (versions prior to 3.4.4). The underlying issue is missing capability checks in the phoenix_media_rename AJAX action, allowing users with Author roles to rename any uploaded media files, including those they do not own. I...