Filtered by vendor Phoenix Media Rename Project Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-24816 1 Phoenix Media Rename Project 1 Phoenix Media Rename 2024-11-21 4.3 Medium
The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenix_media_rename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own.