13 matches found
CVE-2026-34728
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index method handles file deletion for the media browser. When the fileRemove action is triggered, the user-supplied name parameter is concatenated with the base upload directory path without any...
CVE-2025-14913
The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect authorization check on the 'mediadeleteaction' function in all versions up to, and including, 1.2.6. This makes it possible for...
EUVD-2025-205402
The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect authorization check on the 'mediadeleteaction' function in all versions up to, and including, 1.2.6. This makes it possible for...
CVE-2025-14913
The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect authorization check on the 'mediadeleteaction' function in all versions up to, and including, 1.2.6. This makes it possible for...
WordPress plugin Frontend Post Submission Manager Lite – Frontend Posting 安全漏洞
...
CVE-2025-14913 Frontend Post Submission Manager Lite <= 1.2.6 - Incorrect Authorization to Unauthenticated Arbitrary Attachment Deletion
The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect authorization check on the 'mediadeleteaction' function in all versions up to, and including, 1.2.6. This makes it possible for...
CVE-2025-14913
CVE-2025-14913 affects the Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin. It allows unauthenticated attackers to delete arbitrary attachments due to an incorrect authorization check in the media_delete_action function, affecting all versions up to 1.2.6. CVSS 3.1 base ...
PT-2025-53417
Name of the Vulnerable Software and Affected Versions Frontend Post Submission Manager Lite WordPress Plugin versions through 1.2.6 Description The Frontend Post Submission Manager Lite WordPress Plugin is affected by a flaw that allows unauthorized data loss. An incorrect authorization check...
CVE-2023-53902
WebsiteBaker 2.13.3 contains a directory traversal vulnerability that allows authenticated attackers to delete arbitrary files by manipulating directory path parameters. Attackers can send crafted GET requests to /admin/media/delete.php with directory traversal sequences to delete files outside t...
EUVD-2023-60188
WebsiteBaker 2.13.3 contains a directory traversal vulnerability that allows authenticated attackers to delete arbitrary files by manipulating directory path parameters. Attackers can send crafted GET requests to /admin/media/delete.php with directory traversal sequences to delete files outside t...
CVE-2023-53902
CVE-2023-53902 affects WebsiteBaker 2.13.3 with a directory traversal vulnerability in the /admin/media/delete.php endpoint. An authenticated attacker can delete arbitrary files by manipulating directory path parameters, exploiting traversal sequences to access files outside the intended director...
CVE-2023-53902 WebsiteBaker 2.13.3 Directory Traversal via Media Delete Endpoint
WebsiteBaker 2.13.3 contains a directory traversal vulnerability that allows authenticated attackers to delete arbitrary files by manipulating directory path parameters. Attackers can send crafted GET requests to /admin/media/delete.php with directory traversal sequences to delete files outside t...
CVE-2023-53902 WebsiteBaker 2.13.3 Directory Traversal via Media Delete Endpoint
WebsiteBaker 2.13.3 contains a directory traversal vulnerability that allows authenticated attackers to delete arbitrary files by manipulating directory path parameters. Attackers can send crafted GET requests to /admin/media/delete.php with directory traversal sequences to delete files outside t...