Alchemist Ajax Upload WordPress Plugin Missing Authorization Vulnerability Allowing Unauthenticated Media Deletion
Vulnerability
A vulnerability exists in the Alchemist Ajax Upload plugin for WordPress, specifically in versions through 1.1, allowing for unauthorized deletion of media files. This issue arises from a lack of proper capability checks in the 'delete_file' function, enabling unauthenticated users to remove arbitrary media attachments from WordPress.
Impact
Exploitation of this vulnerability allows for unauthorized deletion of WordPress media files, potentially leading to loss of important content or disruption of media-related functionalities on the site.
Remediation
No patch is currently available for this vulnerability. Users are advised to review the vulnerability details and consider uninstalling the affected plugin.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.