Security Advisory

CVE-2021-36850

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-10-04 16:57:04
Last updated 2026-04-28 16:07:34
Assigner Patchstack
State PUBLISHED

Description

Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.1.9). Affected parameters "post_title", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state.