CVE-2024-13897

Name of the Vulnerable Software and Affected Versions Moving Media Library plugin for WordPress versions up to, and including, 1.22

Description The issue arises from insufficient file path validation in the generate json page function, allowing authenticated attackers with Administrator-level access and above to delete arbitrary files on the server. This can lead to remote code execution if critical files, such as wp-config.php, are deleted.

Recommendations For Moving Media Library plugin for WordPress versions up to, and including, 1.22, update to a version that includes a fix for the insufficient file path validation in the generate json page function to prevent arbitrary file deletion.