Description
In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Viral Quiz Maker-OnionBuzz SQL Injection (1.2.1)
WordPress Plugin DukaPress PHP Object Injection (3.1.20)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4593)
Python URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2016-1000110)
WordPress Plugin Ultimate WordPress Auction Multiple Vulnerabilities (4.0.5)