Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/12/14 5:3 a.m.12 views

CVE-2025-14508

The MediaCommander – Bring Folders to Media, Posts, and Pages plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the import-csv REST API endpoint in all versions up to, and including, 2.3.1. This is due to the endpoint using uploadfiles capabilit...

6.5CVSS5.2AI score0.00214EPSS
Exploits0References1
NVD
NVD
added 2025/12/13 4:16 p.m.5 views

CVE-2025-14508

The MediaCommander – Bring Folders to Media, Posts, and Pages plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the import-csv REST API endpoint in all versions up to, and including, 2.3.1. This is due to the endpoint using uploadfiles capabilit...

6.5CVSS0.00214EPSS
Exploits0References4
CVE
CVE
added 2025/12/13 4:31 a.m.13 views

CVE-2025-14508

CVE-2025-14508 : MediaCommander for WordPress allows unauthorized data deletion via the REST API endpoint import-csv due to a missing capability check. The endpoint uses an upload_files (Author-level) check for a destructive operation, enabling authenticated users with Author-level access or high...

6.5CVSS4.8AI score0.00214EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/13 4:31 a.m.27 views

CVE-2025-14508 MediaCommander – Bring Folders to Media, Posts, and Pages <= 2.3.1 - Missing Authorization to Authenticated (Author+) Media Folder Deletion

The MediaCommander – Bring Folders to Media, Posts, and Pages plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the import-csv REST API endpoint in all versions up to, and including, 2.3.1. This is due to the endpoint using uploadfiles capabilit...

6.5CVSS0.00214EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/13 12:0 a.m.4 views

WordPress plugin MediaCommander – Bring Folders to Media, Posts, and Pages 安全漏洞

...

6.5CVSS5.8AI score0.00214EPSS
Exploits0References5
Rows per page
Query Builder