Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Media Library Assistant <= 3.09 - Unauthenticated Local/Remote File Inclusion & Remote Code Execution" "... makes it possible for unauthenticated attackers to supply files via FTP that will make directory lists, local file inclusion, and remote code execution possible. ..." --> siehe auch [1] --> PoC auf [2] VG Bernd [0] https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/med... [1] https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/ [2] https://github.com/Patrowl/CVE-2023-4634 -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler@itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ