Medium severity4.3NVD Advisory· Published Nov 8, 2021· Updated Jun 17, 2026
CVE-2021-24816
CVE-2021-24816
Description
The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenix_media_rename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Phoenix Media Renamedescription
- Range: <3.4.4
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/5f63d677-20f3-4fe0-bb90-048b6898e6cdnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.