CVE-2024-1170

HIGH Year: 2024
CVSS v3 Score
8.2
High
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handle_deleted_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to delete arbitrary media files.

Related Vulnerabilities

CVE-2016-3436

HIGH
CVSS:8.2(High)

Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via...

NVD-CWE-Other2016

CVE-2016-3437

HIGH
CVSS:8.2(High)

Unspecified vulnerability in the Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Person Address P...

NVD-CWE-Other2016

CVE-2016-3438

HIGH
CVSS:8.2(High)

Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors ...

NVD-CWE-Other2016

CVE-2016-3439

HIGH
CVSS:8.2(High)

Unspecified vulnerability in the Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Call Phone Numbe...

NVD-CWE-Other2016

CVE-2016-3456

HIGH
CVSS:8.2(High)

Unspecified vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul component in Oracle Supply Chain Products Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confident...

NVD-CWE-Other2016

CVE-2016-3491

HIGH
CVSS:8.2(High)

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Wire...

NVD-CWE-Other2016