CVE-2019-11807 – WooCommerce Checkout Manager <= 4.2.6 - Unauthenticated Arbitrary Media Deletion

https://notcve.org/view.php?id=CVE-2019-11807

The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=update_attachment_wccm wccm_default_keys_load parameter because of a nopriv_ registration and a lack of capabilities checks. El plugin WooCommerce Checkout Manager en versiones anteriores a la 4.3 para WordPress, permite la eliminación de medios a través del parámetro wp-admin/admin-ajax.php?action=update_attachment_wccm wccm_default_keys_load a causa de nopriv_ registration y una falta de comprobación de las capacidades. • https://wpvulndb.com/vulnerabilities/9262 https://www.wordfence.com/blog/2019/05/unauthenticated-media-deletion-vulnerability-patched-in-woocommerce-checkout-manager-plugin • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-862: Missing Authorization •