13 May 2025

Our Proactive Monitoring of WordPress Plugins Caught an Authenticated Media Deletion Vulnerability in Modula

One way we help improve the security of WordPress plugins, not just for customers of our service but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. For our customers, we also run the plugins they use through an expanded version of that monitoring on a weekly basis. (Which is a good reason to use our service.) Through that, we caught a variant of one of the vulnerability types we check for, an authenticated media deletion vulnerability, in the plugin Modula.

In the file /includes/admin/class-modula-gallery-upload.php, the function ajax_unzip_file() is registered so that anyone logged in to WordPress can access it: [Read more]

2 Sep 2016

Authenticated Media Deletion Vulnerability in Import users from CSV with meta

One frequent source of security issues being discovered these days is a lack of proper restriction on who can access functions that are exposed through WordPress’ AJAX functionality. By default, a function hooked to a wp_ajax_ action is accessible to anyone who is logged in to WordPress, even though such functions are often intended to be accessible only to high level users. For many websites, where there is only a single Administrator account or a small number of trusted users, these vulnerabilities don’t pose a risk, but for plugins that are intended to be used in environments where that isn’t the case they are more of a concern. One such plugin is Import users from CSV with meta, which allows for importing thousands of users quickly.

As of version 1.9.4.6, the plugin made the function acui_delete_attachment() available through the AJAX functionality in the file /import-users-from-csv-with-meta.php here: [Read more]
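The pattern behind both of the vulnerabilities above (the Modula one and the Import users from CSV with meta one) is an AJAX handler that deletes media without checking who is calling it. The following is an added example written for this page, not code from either plugin: a hypothetical handler named example_delete_attachment, shown first in its vulnerable form and then hardened with a nonce check and a per-post capability check. The action name, function names and the "nonce" and "attachment_id" request parameters are assumptions chosen for the example.

```php
<?php
/**
 * Added example (hypothetical plugin code, not Modula's or Import users from
 * CSV with meta's). Action and parameter names are assumptions.
 *
 * WordPress routes POST /wp-admin/admin-ajax.php?action=X to whatever is hooked
 * on 'wp_ajax_X'. Hooking there makes the function reachable by EVERY logged-in
 * user (Subscriber included); 'wp_ajax_nopriv_X' would open it to anonymous
 * visitors as well. Neither hook performs any authorization for you.
 */

/* ---------- VULNERABLE ---------- */

add_action( 'wp_ajax_example_delete_attachment', 'example_delete_attachment_vulnerable' );

function example_delete_attachment_vulnerable() {
	$attachment_id = isset( $_POST['attachment_id'] ) ? (int) $_POST['attachment_id'] : 0;

	// wp_delete_attachment() does no capability check of its own, so a
	// Subscriber can delete any attachment on the site by guessing its ID.
	// There is also no nonce, so a logged-in Administrator can be made to
	// trigger the deletion via CSRF.
	wp_delete_attachment( $attachment_id, true );
	wp_send_json_success();
}

/* ---------- HARDENED ---------- */

add_action( 'wp_ajax_example_delete_attachment', 'example_delete_attachment_hardened' );

function example_delete_attachment_hardened() {
	// CSRF: the request must carry a nonce that was issued to this user for
	// this action (see example_delete_attachment_nonce() below). On failure
	// check_ajax_referer() dies with a 403.
	check_ajax_referer( 'example_delete_attachment', 'nonce' );

	$attachment_id = isset( $_POST['attachment_id'] ) ? absint( $_POST['attachment_id'] ) : 0;
	if ( ! $attachment_id || 'attachment' !== get_post_type( $attachment_id ) ) {
		wp_send_json_error( 'invalid attachment', 400 );
	}

	// Authorization: 'delete_post' is a meta capability mapped per post, so an
	// Author may delete their own uploads but not another user's, and a
	// Subscriber is refused outright. If the feature is meant to be
	// admin-only, check a site-level capability such as 'manage_options' instead.
	if ( ! current_user_can( 'delete_post', $attachment_id ) ) {
		wp_send_json_error( 'forbidden', 403 );
	}

	if ( ! wp_delete_attachment( $attachment_id, true ) ) {
		wp_send_json_error( 'delete failed', 500 );
	}
	wp_send_json_success( array( 'deleted' => $attachment_id ) );
}

/**
 * Issues the nonce the hardened handler expects. The plugin's own JavaScript
 * would send it as the 'nonce' POST field alongside 'attachment_id'.
 */
function example_delete_attachment_nonce() {
	return wp_create_nonce( 'example_delete_attachment' );
}
```

To verify a fix of this kind, log in as a Subscriber, obtain the site's cookies, and POST to /wp-admin/admin-ajax.php with action=example_delete_attachment and the ID of an attachment that belongs to another user: the vulnerable handler removes the file and returns success, while the hardened one returns a 403 and the attachment is still present in the Media Library.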