VYPR

Phoenix Media Rename

by WordPress

CVEs (1)

  • CVE-2021-24816MedNov 8, 2021
    risk 0.28cvss 4.3epss 0.01

    The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenix_media_rename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own.