Description
is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected.
Remediation
References
Related Vulnerabilities
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1455)
WordPress Plugin Advanced AJAX Page Loader Arbitrary File Upload (2.7.6)
WordPress Plugin Credova_Financial Information Disclosure (1.4.8)
phpMyAdmin Improper Input Validation Vulnerability (CVE-2016-2562)
Oracle Database Server Deserialization of Untrusted Data Vulnerability (CVE-2019-16942)