The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead to RCE in some cases.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-09-04T11:27:02.512Z

Updated: 2024-08-02T07:17:11.565Z

Reserved: 2023-07-31T14:45:28.127Z

Link: CVE-2023-4019

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-09-04T12:15:10.037

Modified: 2023-11-07T04:22:03.283

Link: CVE-2023-4019

cve-icon Redhat

No data.