This could allow high privilege users to delete the contents of the media folder outside the web root and possibly leak sensitive information. WordPress 4.0.1 and later addresses this issue by ensuring renamed files are moved to the Upload folder.
Enabling media replace in WordPress 4.0.0 or earlier with a file name containing a colon (:) in the middle will result in a validation error and the file will not be renamed. In such a scenario, the plugin will not be able to protect the media file from being deleted outside the media folder. This could be exploited by malicious users to potentially leak sensitive information.
Plugin developers are advised to update their plugin to version 4.0.1 or later as soon as possible.
CVE-2021-2553
This could allow high privilege users to delete the contents of the media folder outside the web root and possibly leak sensitive information. WordPress 4.0.1 and later addresses this issue by ensuring renamed files are moved to the Upload folder.
Enabling media replace in WordPress 4.0.0 or earlier with a file name containing a colon (:) in the middle will result in a validation error and the file will not be renamed. In such a scenario, the plugin will not be able to protect the media file from being deleted outside the media folder. This could be exploited by malicious users to potentially leak sensitive information.
Plugin developers are advised to update their plugin to version 4.0.1 or later as soon as possible.
Timeline
Published on: 10/10/2022 21:15:00 UTC
Last modified on: 10/11/2022 18:01:00 UTC