Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/c39719e5-dadd-4414-a96d-5e70a1e3d462 | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/c39719e5-dadd-4414-a96d-5e70a1e3d462 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:41
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/c39719e5-dadd-4414-a96d-5e70a1e3d462 - Exploit, Third Party Advisory |
Information
Published : 2022-06-13 13:15
Updated : 2024-11-21 06:41
NVD link : CVE-2022-1788
Mitre link : CVE-2022-1788
CVE.ORG link : CVE-2022-1788
JSON object : View
Products Affected
change_uploaded_file_permissions_project
- change_uploaded_file_permissions
CWE
CWE-352
Cross-Site Request Forgery (CSRF)