CVE-2019-14793

Name of the Vulnerable Software and Affected Versions Meta Box plugin versions prior to 4.16.3

Description The issue allows file deletion via an ajax request. Specifically, it involves the "wp-admin/admin-ajax.php" endpoint with the attachment id parameter.

Recommendations For versions prior to 4.16.3, update to version 4.16.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wp-admin/admin-ajax.php" endpoint with the action=rwmb delete file parameter until the update is applied.