3 matches found
CVE-2024-5855 Media Hygiene <= 3.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion
The Media Hygiene: Remove or Delete Unused Images and More! plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the bulkactiondelete and deletesingleimagecall AJAX actions in all versions up to, and including, 3.0.1. This makes it possible for...
CVE-2024-5855
CVE-2024-5855 affects the WordPress plugin Media Hygiene: Remove or Delete Unused Images and More! It allows authenticated users with Subscriber+ privileges to delete arbitrary attachments due to a missing capability check on bulk_action_delete and delete_single_image_call. A nonce check was adde...
WordPress Media Hygiene Plugin <= 3.0.1 is vulnerable to Broken Access Control
Software Media Hygiene Type Plugin Vulnerable versions = 3.0.1 Fixed in 3.0.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5855 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6586cb78deae Credits Lucio Sá Required privilege...