Hallo zusammen,
sofern nicht selber schon gesehen/-lesen hier [0] FYI
"Media Library Assistant <= 3.09 - Unauthenticated Local/Remote File Inclusion & Remote Code Execution"
"... makes it possible for unauthenticated attackers to supply files via FTP that will make directory lists, local file inclusion, and remote code execution possible. ..."
--> siehe auch [1]
--> PoC auf [2] VG
Bernd
[0] https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/med...
[1] https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/
[2] https://github.com/Patrowl/CVE-2023-4634