PT-2022-14113 · WordPress · Change Uploaded File Permissions

Daniel Ruf · Published 2022-06-13 · Updated 2022-06-21 · CVE-2022-1788

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Change Uploaded File Permissions WordPress plugin through 4.0.0

Description: The issue is due to missing checks, which make the plugin vulnerable to CSRF attacks. This vulnerability can be used to change the file and folder permissions of any folder, potentially making specific files, such as ini files, readable by everyone.

Recommendations: Update to a version later than 4.0.0 to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and folders to minimize the risk of exploitation.

Exploit

Fix

CSRF


Weakness Enumeration

Related Identifiers: CVE-2022-1788

Affected Products: Change Uploaded File Permissions