WordPress Plugin Vulnerabilities

Media from FTP < 11.17 - Author+ Arbitrary File Access

Description

The plugin does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead to RCE in some cases.

In 11.16, the manage_options capability was used, however is still insufficient in case of MultiSite setups

Proof of Concept

Affects Plugins

Plugin icon
media-from-ftp
Fixed in 11.17

References

CVE
CVE-2023-4019
URL
https://blog.cleantalk.org/cve-2023-4019-media-from-ftp-11-17-author-arbitrary-file-access-via-path-traversal/

Classification

Type
INCORRECT AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-863
CVSS
9.1 (critical)

Miscellaneous

Original Researcher
Dmitrii Ignatyev
Submitter
Dmitrii Ignatyev
Submitter website
https://blog.cleantalk.org
Verified
Yes
WPVDB ID
0d323b07-c6e7-4aba-85bc-64659ad0c85d

Timeline

Publicly Published
2023-08-14 (about 2 years ago)
Added
2023-08-14 (about 2 years ago)
Last Updated
2023-08-22 (about 2 years ago)

Other

Published
Title
Published
2024-09-04
Title
SmartSearchWP < 2.4.6 - Unauthenticated OpenAI Key Disclosure
Published
2025-09-11
Title
Recipe Card Blocks for Gutenberg & Elementor < 3.4.9 - Incorrect Authorization
Published
2025-04-16
Title
Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products < 2.7.8 - Unauthenticated Sensitive Information Exposure
Published
2025-03-03
Title
Wallet System for WooCommerce < 2.6.3 - Missing Authorization
Published
2022-11-16
Title
SVG Support 2.5-2.5.1 - Author+ Stored XSS