WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Vulnerabilities

WordPress <= 5.0 - Authenticated File Delete

Description

According to WordPress:

"Karim El Ouerghemmi discovered that authors could alter meta data to delete files that they weren’t authorized to."

Affects WordPress

3.8.1
Fixed in version 3.8.28
3.8
Fixed in version 3.8.28
3.7.1
Fixed in version 3.7.28
3.9
Fixed in version 3.9.26
3.9.1
Fixed in version 3.9.26
3.7
Fixed in version 3.7.28
3.8.2
Fixed in version 3.8.28
3.8.3
Fixed in version 3.8.28
3.9.2
Fixed in version 3.9.26
4.0
Fixed in version 4.0.25

References

CVE
CVE-2018-20147
URL
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/

Classification

Type

UNKNOWN

Miscellaneous

Original Researcher

RIPS Technologies (Karim El Ouerghemmi)

Submitter

Ryan Dewhurst

Submitter twitter
ethicalhack3r
Verified

No

WPVDB ID
e3ef8976-11cb-4854-837f-786f43cbdf44

Timeline

Publicly Published

2018-12-13 (about 4 years ago)

Added

2018-12-13 (about 4 years ago)

Last Updated

2020-09-22 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin