VYPR
Unrated severityNVD Advisory· Published Sep 20, 2021· Updated Aug 3, 2024

OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder Deletion

CVE-2021-24639

Description

The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • WordPress/OMGF plugindescription
  • Daan/Omgfllm-fuzzy
    Range: <4.5.4

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.