Security Advisory

CVE-2023-4019

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-09-04 11:27:02

Last updated 2025-04-23 16:17:56

Assigner WPScan

State PUBLISHED

Description

The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead to RCE in some cases.

← Browse all CVEs View on cve.org ↗