3 matches found
CVE-2023-4019 Media from FTP < 11.17 - Author+ Arbitrary File Access
The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead to RCE in some cases...
PT-2023-27314 · WordPress · Media From Ftp
Name of the Vulnerable Software and Affected Versions: Media from FTP WordPress plugin versions prior to 11.17 Description: The issue arises from the Media from FTP WordPress plugin not properly limiting who can use the plugin. This may allow users with author+ privileges to move files around, su...
CVE-2018-5310
The CVE 2018-5310 entry corresponds to a Directory Traversal vulnerability in the WordPress Media from FTP plugin, exploitable via the searchdir parameter in the wp-admin/admin.php?page=mediafromftp-search-register URI. Affected versions are prior to 9.85. Remediation: update the plugin to versio...