PT-2023-27314 · WordPress · Media From Ftp

Dmitry Ignatyev · Published 2023-09-04 · Updated 2023-09-11 · CVE-2023-4019

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Media from FTP WordPress plugin versions prior to 11.17

Description

The issue arises because the Media from FTP WordPress plugin does not properly limit who can use the plugin. This may allow users with author+ privileges to move files, such as wp-config.php, potentially leading to remote code execution (RCE) in some cases.

Recommendations

For versions prior to 11.17, update to version 11.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin for users with author+ privileges until the update is applied.

Related Identifiers

CVE-2023-4019

Affected Products

Media From Ftp