11.16

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

riverforest-wp

NVD

Published: 2023-09-04

Updated: 2023-11-07

Summary

The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead to RCE in some cases.

Vulnerable Configurations

Part	Description	Count
Application	Riverforest-Wp Riverforest WP Media From FTP - Riverforest WP Media From FTP 11.15 Riverforest WP Media From FTP 11.16	3

References

https://wpscan.com/vulnerability/0d323b07-c6e7-4aba-85bc-64659ad0c85d