CVE Daily

CVE-2018-20147

In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to...

Medium CVSS 6.5

Overview

In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.

CWE: CWE-863 Published: 2018-12-14T20:29:00.343
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 6.5 (MEDIUM)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags