CVE-2019-14793

MEDIUM

Meta Box < 4.16.3 - Authenticated Arbitrary File Deletion via AJAX Action

Title source: llm
STIX 2.1

Description

The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter.

Scores

CVSS v3 6.5
EPSS 0.0100
EPSS Percentile 58.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-862
Status published
Products (1)
metabox/meta_box < 4.16.3
Published Aug 09, 2019
Tracked Since Feb 18, 2026