PT-2025-9911 · WordPress · Moving Media Library

Emil

Published

2025-03-06

Updated

2025-03-07

CVE-2024-13897

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Moving Media Library plugin for WordPress versions up to, and including, 1.22

Description The issue arises from insufficient file path validation in the generate json page function, allowing authenticated attackers with Administrator-level access and above to delete arbitrary files on the server. This can lead to remote code execution if critical files, such as wp-config.php, are deleted.

Recommendations For Moving Media Library plugin for WordPress versions up to, and including, 1.22, update to a version that includes a fix for the insufficient file path validation in the generate json page function to prevent arbitrary file deletion.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2024-13897

Affected Products

Moving Media Library

PT-2025-9911 · WordPress · Moving Media Library

CVE-2024-13897

Weakness Enumeration

Related Identifiers

Affected Products

References · 6