Microsoft Azure Storage for WordPress Unauthorized Arbitrary Media Deletion Vulnerability

Vulnerability

A vulnerability allowing unauthorized deletion of arbitrary media files has been identified in the Microsoft Azure Storage for WordPress plugin, affecting all versions through 4.5.1. The issue arises from inadequate capability checks on the 'azure-storage-media-replace' AJAX action, enabling authenticated attackers with subscriber-level access or higher to remove media files from the WordPress Media Library. Exploitation requires access to a nonce, which is available to all authenticated users.

Impact

Exploitation of this vulnerability allows for the arbitrary deletion of media files from the WordPress Media Library.

Reproduction

To reproduce this vulnerability, an authenticated user with subscriber-level access or higher can send a request to the 'azure-storage-media-replace' AJAX action. The request must include the 'replace_attachment' parameter, specifying the ID of the media file to be deleted, and the nonce for verification, which is exposed to all authenticated users.

Remediation

No known patch is available. It is recommended to uninstall the affected plugin and find a replacement.
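A compensating control for sites that cannot remove the plugin immediately, shown as an added example (not code from the plugin or from this advisory): a must-use plugin that hooks the same AJAX action ahead of the plugin's handler and enforces the capability check the advisory describes as missing. The function name `example_guard_media_replace`, the hook priority, and reading the parameter from `$_REQUEST` are assumptions.

```php
<?php
/**
 * Plugin Name: Guard for azure-storage-media-replace (added example)
 *
 * Constructed example. Save under wp-content/mu-plugins/ so it is always loaded.
 */

// Assumption: the affected plugin registers its handler on this standard
// wp_ajax_ hook at a later priority; PHP_INT_MIN makes this guard run first.
add_action( 'wp_ajax_azure-storage-media-replace', 'example_guard_media_replace', PHP_INT_MIN );

function example_guard_media_replace() {
	// Assumption: the parameter may arrive via GET or POST.
	$raw = isset( $_REQUEST['replace_attachment'] ) ? wp_unslash( $_REQUEST['replace_attachment'] ) : 0;
	$attachment_id = is_scalar( $raw ) ? absint( $raw ) : 0;

	// Baseline: only roles that can manage media may reach the handler.
	// Subscribers do not have upload_files in a default role setup.
	$allowed = current_user_can( 'upload_files' );

	// Object-level check: the caller must be allowed to delete this attachment.
	if ( $allowed && $attachment_id > 0 ) {
		$allowed = ( 'attachment' === get_post_type( $attachment_id ) )
			&& current_user_can( 'delete_post', $attachment_id );
	}

	if ( $allowed ) {
		return; // Fall through to the plugin's own handler and its nonce check.
	}

	// Leave a trace for detection: who tried to act on which attachment.
	error_log( sprintf(
		'Blocked azure-storage-media-replace: user=%d attachment=%d',
		get_current_user_id(),
		$attachment_id
	) );

	// Sends a JSON error with HTTP 403 and terminates the request, so the
	// later-priority handler never runs.
	wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
}
```

The guard only narrows who can reach the action; it does not replace the advisory's recommendation to uninstall the plugin.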

Added: Oct 24, 2025, 9:38 AM
Updated: Oct 24, 2025, 9:38 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 6.3
remediation: 0.0
relevance: 0.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.