How it works Pricing

Vulnerabilities

WordPress Plugins Themes Stats Submit vulnerabilities

For developers

Status API details CLI scanner

Contact

WordPress Vulnerabilities

WordPress <= 5.0 - Authenticated File Delete

Description

According to WordPress:

"Karim El Ouerghemmi discovered that authors could alter meta data to delete files that they weren’t authorized to."

Affects WordPress

3.8.1

Fixed in version 3.8.28

3.8

Fixed in version 3.8.28

3.7.1

Fixed in version 3.7.28

3.9

Fixed in version 3.9.26

3.9.1

Fixed in version 3.9.26

3.7

Fixed in version 3.7.28

3.8.2

Fixed in version 3.8.28

3.8.3

Fixed in version 3.8.28

3.9.2

Fixed in version 3.9.26

4.0

Fixed in version 4.0.25

References

CVE

CVE-2018-20147

URL

https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/

Classification

Type

UNKNOWN

Miscellaneous

Original Researcher

RIPS Technologies (Karim El Ouerghemmi)

Submitter

Ryan Dewhurst

Submitter twitter

ethicalhack3r

Verified

WPVDB ID

e3ef8976-11cb-4854-837f-786f43cbdf44

Timeline

Publicly Published

2018-12-13 (about 3 years ago)

Added

2018-12-13 (about 3 years ago)

Last Updated

2020-09-22 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin