CSRF Vulnerability in WordPress Media File Renamer Plugin (<= 5.1.9) Allows Unauthorized Media Manipulation

CSRF Vulnerability in WordPress Media File Renamer Plugin (<= 5.1.9) Allows Unauthorized Media Manipulation

CVE-2021-36850 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.1.9). Affected parameters "post_title", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state.

Learn more about our Wordpress Pen Testing.