PT-2022-13157 · WordPress · Libra File Manager

Luan Pedersni · Published 2022-04-04 · Updated 2022-04-11 · CVE-2022-0403

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Library File Manager WordPress plugin, versions prior to 5.2.3
Description: The Library File Manager WordPress plugin bundles an outdated version of the elFinder library whose connector AJAX action performs neither an authorization check nor a CSRF (nonce) check. Any authenticated user, whatever their role, can therefore call the action directly and create, upload, or delete arbitrary files and folders, and the missing CSRF check additionally lets an attacker trigger the same operations through the browser of a logged-in user.
Recommendations: Update to version 5.2.3 or later. Until the update can be applied, restrict access to the elFinder connector AJAX action as a temporary workaround, for example by gating the handler behind a capability check (so only administrators or other trusted roles can reach it) and nonce verification, and confirm that the action is not also exposed to unauthenticated users.
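The weak and hardened handler shapes described in the Description and Recommendations above, as an added illustrative example written for this entry in PHP; it is not the Library File Manager plugin's own code. The action names lfm_connector_unsafe and lfm_connector, the script handle lfm-admin, the autoload path, the root under wp-content/uploads and the choice of the manage_options capability are assumptions made for the illustration. elFinderConnector, elFinder and the uploadAllow/uploadDeny/uploadOrder root options are elFinder's own connector API; check_ajax_referer, current_user_can, wp_send_json_error, wp_create_nonce and wp_localize_script are WordPress core functions.

```php
<?php
// Added illustrative example (not the Library File Manager plugin's code).
// Contrasts an elFinder connector exposed through a WordPress AJAX action
// without any checks with the same connector behind authorization and
// CSRF checks. Hook names, paths and the capability used are assumptions.

// Vulnerable pattern: wp_ajax_* fires for every logged-in user regardless
// of role, and nothing here verifies a nonce, so both a low-privileged
// user and a cross-site request from a logged-in victim reach the connector.
add_action( 'wp_ajax_lfm_connector_unsafe', 'lfm_connector_unsafe' );
function lfm_connector_unsafe() {
    require_once __DIR__ . '/elFinder/php/autoload.php'; // assumed bundle path
    $opts = array(
        'roots' => array( array(
            'driver' => 'LocalFileSystem',
            'path'   => WP_CONTENT_DIR . '/uploads/',
            'URL'    => content_url( '/uploads/' ),
        ) ),
    );
    $connector = new elFinderConnector( new elFinder( $opts ) );
    $connector->run(); // executes upload/rm/mkdir/... exactly as the caller asks
    wp_die();
}

// Hardened pattern: authorization and CSRF checks run before elFinder does.
add_action( 'wp_ajax_lfm_connector', 'lfm_connector' );
function lfm_connector() {
    // CSRF: the request must carry a nonce issued to this user for this action
    // in the 'nonce' parameter; check_ajax_referer() dies with 403 otherwise.
    check_ajax_referer( 'lfm_connector_nonce', 'nonce' );

    // Authorization: only users allowed to manage the site reach the connector.
    // (Capability chosen for illustration; pick the one that fits the feature.)
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    require_once __DIR__ . '/elFinder/php/autoload.php'; // assumed bundle path
    $opts = array(
        'roots' => array( array(
            'driver'      => 'LocalFileSystem',
            'path'        => WP_CONTENT_DIR . '/uploads/',
            'URL'         => content_url( '/uploads/' ),
            // Defence in depth: deny everything, then allow only harmless types,
            // so a compromised account still cannot drop a PHP file here.
            'uploadDeny'  => array( 'all' ),
            'uploadAllow' => array( 'image', 'text/plain' ),
            'uploadOrder' => array( 'deny', 'allow' ),
        ) ),
    );
    $connector = new elFinderConnector( new elFinder( $opts ) );
    $connector->run();
    wp_die();
}

// Hand the nonce to the admin-page script (assumed registered as 'lfm-admin')
// so the legitimate client can include it as the 'nonce' request parameter.
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'lfm-admin', 'lfmAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'lfm_connector_nonce' ),
    ) );
} );
```

The fix lives in the two checks at the top of the hardened handler, not in elFinder itself: a wp_ajax_* hook is reachable by anyone WordPress considers logged in, so the handler must enforce the capability and the nonce. Registering the same callback on a wp_ajax_nopriv_* hook would additionally expose it to unauthenticated visitors and is the first thing to rule out when applying the workaround.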

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

CVE-2022-0403

Affected Products

Libra File Manager
elFinder