
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files such as wp-config.php, which may lead to RCE in some cases.

The Media from FTP plugin for WordPress is vulnerable to improper privilege management due to an insufficient capability check on the plugin's menu pages in versions up to, and including, 11.16. This makes it possible for authenticated attackers, with author-level permissions and above, to modify plugin settings on multi-site installations.

• https://wpscan.com/vulnerability/0d323b07-c6e7-4aba-85bc-64659ad0c85d
• CWE-269: Improper Privilege Management

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

In the "Media from FTP" plugin before 9.85 for WordPress, Directory Traversal exists via the searchdir parameter to the wp-admin/admin.php?page=mediafromftp-search-register URI.

The Media from FTP Plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 9.84 via the searchdir parameter to the wp-admin/admin.php?

• https://github.com/d4wner/Vulnerabilities-Report/blob/master/media-from-ftp.md
• https://wordpress.org/plugins/media-from-ftp/#developers
• https://wordpress.org/support/topic/any-directory-traversal-bugs-at-the-latest-version-of-media-from-ftp
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')