CVE-2023-4019 Information

Description

The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin which may allow users with author+ privileges to move files around like wp-config.php which may lead to RCE in some cases.

Reference

https://wpscan.com/vulnerability/0d323b07-c6e7-4aba-85bc-64659ad0c85d