3 matches found
CVE-2024-13897
The Moving Media Library plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the generatejsonpage function in all versions up to, and including, 1.22. This makes it possible for authenticated attackers, with Administrator-level access and abov...
CVE-2024-13897 Moving Media Library <= 1.22 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Deletion
The Moving Media Library plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the generatejsonpage function in all versions up to, and including, 1.22. This makes it possible for authenticated attackers, with Administrator-level access and abov...
CVE-2024-13897
Summary: CVE-2024-13897 affects the WordPress plugin Moving Media Library. The vulnerability is an authenticated (Administrator+) directory traversal that enables arbitrary file deletion via the generate_json_page function in all versions <= 1.22. Deleting arbitrary files (e.g., wp-config.php)...