VYPR
Unrated severityNVD Advisory· Published Jun 13, 2022· Updated Aug 3, 2024

Filr - Secure Document Library < 1.2.2.1 - Subscriber+ AJAX Calls

CVE-2022-1777

Description

The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload arbitrary HTML files as well as delete all files or arbitrary ones.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • WordPress/Filrdescription
  • Novell/Filrllm-fuzzy
    Range: <1.2.2.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.