Insert or Embed Articulate Content into WordPress <= 4.2999 - Authenticated Arbitrary Folder Deletion and Rename
The lack of CSRF, Authorisation and Path Traversal checks in wp_ajax_del_dir() and wp_ajax_rename_dir() AJAX methods in functions.php make it possible for an authenticated user with a role as low as subscriber to delete and rename arbitrary folders. CSRF attacks against such authenticated users is also possible, in order to make them perform those malicious actions.
|Proof of Concept||
fixed in version 4.29991
|Publicly Published||2019-07-02 (22 days ago)|
|Added||2019-07-02 (21 days ago)|
|Last Updated||2019-07-16 (7 days ago)|