Description

In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.

Remediation

References

CVE-2018-20147

Related Vulnerabilities

PmWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4748)

WordPress Plugin Multiple Roles Cross-Site Request Forgery (1.3.1)

WordPress Plugin Intuitive Custom Post Order Multiple Vulnerabilities (3.1.3)

WordPress Plugin WP RSS By Publishers Multiple SQL Injection Vulnerabilities (0.1)

PHP Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2007-0455)

Severity

Medium

Classification

CVE-2018-20147 CWE-863 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities