MediaCommander WordPress Plugin Unauthorized Data Deletion Vulnerability
Vulnerability
A vulnerability exists in the MediaCommander WordPress plugin, in versions through 2.3.1, that allows unauthorized deletion of media folders. The issue arises from a missing capability check on the import-csv REST API endpoint and can be exploited by authenticated users with Author-level access. Because the endpoint gates a destructive action only on the 'upload_files' capability, which the Author role already holds, these users can remove all folder organization data, including folders created by Administrators and other users.
Impact
Exploitation of this vulnerability deletes all folder organization data maintained by the MediaCommander plugin, disrupting users' ability to manage and access media, posts, and pages effectively.
Reproduction
To reproduce this vulnerability, an authenticated user with Author-level access sends a request to the import-csv REST API endpoint. The endpoint's only authorization check is for the 'upload_files' capability, which Authors already hold, so the request passes that check and deletes the media folders even though the user is not authorized to perform such an action.
Remediation
Users are advised to update the MediaCommander WordPress plugin to version 2.4.0 or later, where this vulnerability has been patched.
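The root cause above, a destructive REST route whose permission_callback only checks a capability that Authors already hold, shown next to a hardened permission callback. This is an added illustration and not MediaCommander's own code; the route namespace, function names and the choice of 'manage_options' as the required capability are assumptions, while the WordPress APIs called are real.

```php
<?php
// Added illustration, not MediaCommander's code. Route name, handler and
// function names are assumptions; the WordPress APIs used are real.

// Weak check: 'upload_files' is granted to the Author role (and above), so
// every Author passes this gate on a handler that deletes all users' folders.
function example_weak_permission_check() {
    return current_user_can( 'upload_files' );
}

// Hardened check: a site-wide destructive action is gated on an
// administrative capability. Returning a WP_Error (not just false) makes the
// REST API answer 401 or 403 with a message instead of a bare error.
function example_hardened_permission_check( WP_REST_Request $request ) {
    if ( ! current_user_can( 'manage_options' ) ) {
        return new WP_Error(
            'rest_forbidden',
            'Resetting media folders requires administrator privileges.',
            array( 'status' => rest_authorization_required_code() )
        );
    }
    return true;
}

// Hypothetical handler: in the real plugin this is where existing folder
// data is cleared before the CSV is imported, which is why the gate matters.
function example_import_csv_handler( WP_REST_Request $request ) {
    $rows = (array) $request->get_param( 'rows' );
    return new WP_REST_Response( array( 'imported' => count( $rows ) ), 200 );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-media/v1', '/import-csv', array(
        'methods'             => WP_REST_Server::CREATABLE,
        // Pointing this at example_weak_permission_check() reproduces the
        // flawed gate; the hardened check is what a fix should look like.
        'permission_callback' => 'example_hardened_permission_check',
        'callback'            => 'example_import_csv_handler',
    ) );
} );
```

When auditing a plugin for this class of bug, list every register_rest_route() call and confirm that each permission_callback requires a capability proportionate to what the handler destroys, not merely one that lets the caller reach the media library.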
