Description
is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (2.0.225)
WordPress Plugin Catch Scroll Progress Bar Security Bypass (1.5)
WordPress Plugin Web Application Firewall-website security Privilege Escalation (2.1.1)
Oracle HTTP Server CVE-2014-0098 Vulnerability (CVE-2014-0098)