Description
In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2022-21386 Vulnerability (CVE-2022-21386)
ZenCart Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-0697)
WordPress Plugin Author Stats Cross-Site Scripting (1.3)
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.56)
WordPress Plugin White Label CMS Cross-Site Request Forgery (1.5)