1 results (0.002 seconds)
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24816 – Phoenix Media Rename < 3.4.4 - Author Arbitrary Media File Renaming
https://notcve.org/view.php?id=CVE-2021-24816
06 Oct 2021 — The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenix_media_rename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own. El plugin Phoenix Media Rename de WordPress versiones anteriores a 3.4.4, no presenta comprobaciones de capacidad en su acción phoenix_media_rename AJAX, lo que podría permitir a usuarios con roles de autor renombrar cualquier archivo multimedia subido, incluso aquellos que... • https://wpscan.com/vulnerability/5f63d677-20f3-4fe0-bb90-048b6898e6cd • CWE-284: Improper Access Control •