CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-14793 – Meta Box - WordPress Custom Fields Framework <= 4.16.2 - File Deletion via attachment_id Parameter
https://notcve.org/view.php?id=CVE-2019-14793
The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter. El plugin Meta Box en versiones anteriores a 4.16.3 para WordPress, permite la eliminación de archivos por medio de ajax, con el parámetro wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id. • https://metabox.io/changelog https://www.pluginvulnerabilities.com/2019/02/01/full-disclosure-of-authenticated-arbitrary-file-deletion-vulnerability-in-wordpress-plugin-with-300000-installs • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14794 – Meta Box <= 4.16.1 - Mishandling of File Upload
https://notcve.org/view.php?id=CVE-2019-14794
The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders. El plugin Meta Box en versiones anteriores a 4.16.2 para WordPress, maneja inapropiadamente la carga de archivos hacia carpetas personalizadas. • https://metabox.io/changelog • CWE-19: Data Processing Errors CWE-73: External Control of File Name or Path •