Import users from CSV with meta <= 1.14.1.3 - CSRF leading to attachment deletion & Path Traversal



Description
CSRF leading to attachment deletion via the acui_delete_attachment() AJAX function.

Affects Plugin

Fixed in version 1.14.2.2

References

CVE 2019-15326
CVE 2019-14683
URL https://plugins.trac.wordpress.org/changeset?reponame=&new=2112013%40import-users-from-csv-with-meta&old=2104143%40import-users-from-csv-with-meta

Classification

Type MULTI

Miscellaneous

Views 2701
Verified No
WPVDB ID 9392

Timeline

Publicly Published 2019-06-22 (5 months ago)
Added 2019-06-26 (5 months ago)
Last Updated 2019-08-23 (3 months ago)
