cleantalk
Vulnerabilities and Security Researches

Media Hygiene: Remove or Delete Unused Images and More!, CVE-2024-5855

CVE, Research URL

CVE-2024-5855

Home page URL

Security reports for Media Hygiene: Remove or Delete Unused Images and More!

Application

Media Hygiene: Remove or Delete Unused Images and More!

Published on
Jul 09, 2024
Research Description
The Media Hygiene: Remove or Delete Unused Images and More! plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the bulk_action_delete and delete_single_image_call AJAX actions in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary attachments. A nonce check was added in version 3.0.1, however, it wasn't until version 3.0.2 that a capability check was added.
Affected versions
Min -, max 3.0.2.
Status
vulnerable
Previous vulnerability researches
Media Hygiene: Remove or Delete Unused Images and More! (CVE-2024-5855) , Jul 10, 2024
Media Hygiene: Remove or Delete Unused Images and More! (CVE-2025-47469) , May 09, 2025
New vulnerability
SMS Alert Order Notifications – WooCommerce (CVE-2025-3876) , May 11, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-3878) , May 11, 2025
WordPress Review Plugin: The Ultimate Solution for Building a Review Website (CVE-2025-2158) , May 11, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025
Contact Us By Lord Linus (CVE-2025-1382) , May 11, 2025