WordPress Plugin Vulnerabilities

Easy Media Replace < 0.2.0 - Author+ File Deletion

Description

The plugin does not validate path of files to be deleted, which could allow users with a role of Author and above to delete files (with an allowed extension)

Affects Plugins

Plugin icon
easy-media-replace
Fixed in 0.2.0

References

CVE
CVE-2022-46850

Classification

Type
FILE DELETION
OWASP top 10
A6: Security Misconfiguration
CWE
CWE-73
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Jeong Seong Ho
Verified
No
WPVDB ID
c8f651c0-f11e-4617-9efd-a38b676c3d76

Timeline

Publicly Published
2023-03-28 (about 3 years ago)
Added
2023-06-19 (about 2 years ago)
Last Updated
2023-06-19 (about 2 years ago)

Other

Published
Title
Published
2025-10-31
Title
Import WP – Export and Import CSV and XML files to WordPress < 2.14.17 - Authenticated (Admin+) Arbitrary File Read
Published
2025-12-20
Title
WPvivid Backup & Migration < 0.9.121 - Admin+ Arbitrary Directory Creation
Published
2025-11-20
Title
简数采集器 < 2.6.4 - Authenticated (Admin+) Arbitrary File Read
Published
2025-11-11
Title
WooMulti <= 1.7 - Subscriber+ Arbitrary File Deletion
Published
2025-07-30
Title
NinjaScanner < 3.2.6 - Admin+ Arbitrary File Deletion