CVE-2021-36850

Name of the Vulnerable Software and Affected Versions WordPress Media File Renamer – Auto & Manual Rename plugin versions <= 5.1.9

Description A Cross-Site Request Forgery (CSRF) issue affects the plugin, allowing unauthorized changes to uploaded media. The affected parameters are post title, filename, and lock, which can be modified to change the media title, file name, and locking state.

Recommendations For WordPress Media File Renamer – Auto & Manual Rename plugin versions <= 5.1.9, update to a version higher than 5.1.9 to resolve the issue. As a temporary workaround, consider restricting access to the parameters post title, filename, and lock to minimize the risk of exploitation.