Media from FTP < 11.17 - Author+ Arbitrary File Access
CVE-2023-4019
Key Information:
- Vendor: WordPress
- CVE Published: 4 September 2023
What is CVE-2023-4019?
The Media from FTP plugin for WordPress prior to version 11.17 is susceptible to an improper access control vulnerability. The flaw allows users with Author-level or higher privileges to abuse the plugin's file management capabilities. They can move essential files, such as wp-config.php, which may lead to remote code execution in certain environments. It is crucial for users to update to the latest version to mitigate this risk.
Affected Version(s)
Media from FTP 0 < 11.17
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved