CVE-2023-4019
Media from FTP < 11.17 - Author+ Arbitrary File Access
Public Exploits: 1
Exploited in Wild: -
Descriptions
The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead to RCE in some cases.
The Media from FTP plugin for WordPress is vulnerable to improper privilege management due to an insufficient capability check on the plugin's menu pages in versions up to, and including, 11.16. This makes it possible for authenticated attackers, with author-level permissions and above, to modify plugin settings on multi-site installations.
Timeline
- 2023-07-31 CVE Reserved
- 2023-08-14 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-09-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-269: Improper Privilege Management
References (1)
URL | Date | SRC |
---|---|---|
https://wpscan.com/vulnerability/0d323b07-c6e7-4aba-85bc-64659ad0c85d | 2024-08-02 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Riverforest-wp | Media From Ftp | < 11.17 | wordpress | Affected |