cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-7858,https://securityvulnerability.io/vulnerability/CVE-2024-7858,Unauthorized Access to Media Files and Folders via Missing Capability Checks,"The Media Library Folders plugin for WordPress is exposed to unauthorized access because of insufficient capability checks on multiple AJAX functions found in the media-library-plus.php file. This weakness affects all versions of the plugin through 8.2.3, allowing authenticated attackers with subscriber-level permission or higher to execute various actions that can manipulate media files and folders, as well as alter plugin settings. This vulnerability highlights the critical need for rigorous access controls within WordPress plugins to protect against potential insider threats.",Wordpress,Media Library Folders,6.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-08-30T09:29:49.791Z,0
CVE-2024-7857,https://securityvulnerability.io/vulnerability/CVE-2024-7857,"SQL Injection Vulnerability in Media Library Folders for WordPress","The Media Library Folders plugin for WordPress exposes a vulnerability that allows for second order SQL injection. This issue arises from inadequate escaping of the 'sort_type' parameter in the 'mlf_change_sort_type' AJAX action. Authenticated attackers, with at least subscriber-level access, can exploit this vulnerability to insert malicious SQL queries into existing database queries. As a result, sensitive information can be extracted from the database, posing a significant risk to the security of WordPress installations utilizing this plugin.",Wordpress,Media Library Folders,9.8,CRITICAL,0.0006300000241026282,false,,false,false,false,,false,false,2024-08-29T02:31:30.608Z,0
CVE-2024-7317,https://securityvulnerability.io/vulnerability/CVE-2024-7317,Stored Cross-Site Scripting Vulnerability in Folder Plugin,"The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.",Wordpress,"Folders – Unlimited Folders To Organize Media Library Folder, Pages, Posts, File Manager",5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-08-06T10:59:36.262Z,0
CVE-2024-2023,https://securityvulnerability.io/vulnerability/CVE-2024-2023,Arbitrary File Upload Vulnerability in Folders and Folders Pro Plugin,"The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated attackers, with author access and above, to upload files to arbitrary locations on the server.",Wordpress,"Folders – Unlimited Folders To Organize Media Library Folder, Pages, Posts, File Manager,Folders Pro",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-14T12:50:56.493Z,0
CVE-2024-3868,https://securityvulnerability.io/vulnerability/CVE-2024-3868,Stored Cross-Site Scripting Vulnerability in Folders Pro Plugin,"The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Folders – Unlimited Folders To Organize Media Library Folder, Pages, Posts, File Manager",5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-04T02:31:34.852Z,0
CVE-2024-2328,https://securityvulnerability.io/vulnerability/CVE-2024-2328,Stored Cross-Site Scripting Vulnerability in Media Library Folder & File Manager Plugin,"The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image title and alt text in all versions up to, and including, 4.22.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Real Media Library: Media Library Folder & File Manager,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:52:42.916Z,0
CVE-2024-2346,https://securityvulnerability.io/vulnerability/CVE-2024-2346,Insecure Direct Object Reference in FileBird Plugin for WordPress,"The FileBird plugin for WordPress contains a vulnerability that allows authenticated users with author access or higher to exploit missing validation on a user-controlled key. This can lead to the deletion of folders created by other users, revealing file uploads and compromising the integrity of the media library. This flaw affects all versions up to and including 5.6.3, highlighting the need for immediate updates and security measures.",Wordpress,Filebird – WordPress Media Library Folders & File Manager,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:18.829Z,0
CVE-2024-2345,https://securityvulnerability.io/vulnerability/CVE-2024-2345,Stored Cross-Site Scripting Vulnerability in FileBird Plugin for WordPress,"The FileBird plugin for WordPress is susceptible to stored cross-site scripting due to insufficient input validation and output sanitization when handling the folder name parameter. This vulnerability enables authenticated attackers, who have author-level permissions or higher, to inject arbitrary scripts into folder names that execute whenever any user accesses a page with an injected folder name. This poses significant security risks, as it compromises the integrity of web pages viewed by users. It’s crucial for site administrators to update to secure versions and adopt best practices in input validation to mitigate risks associated with this vulnerability.",Wordpress,Filebird – WordPress Media Library Folders & File Manager,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:51:46.891Z,0
CVE-2024-3615,https://securityvulnerability.io/vulnerability/CVE-2024-3615,Reflected Cross-Site Scripting Vulnerability in Media Library Folders for WordPress,"The Media Library Folders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 8.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",Wordpress,Media Library Folders,6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-19T02:34:42.674Z,0
CVE-2024-2027,https://securityvulnerability.io/vulnerability/CVE-2024-2027,Stored Cross-Site Scripting Vulnerability in Real Media Library Plugin for WordPress,"The Real Media Library plugin for WordPress allows for Stored Cross-Site Scripting due to inadequate input sanitization and output escaping in its style attributes. This vulnerability impacts all versions up to and including 4.22.7, enabling authenticated attackers with contributor access or higher to inject malicious web scripts. These scripts can execute whenever a user accesses a page that has been compromised, leading to potential unauthorized actions and data exposure.",Wordpress,Real Media Library: Media Library Folder & File Manager,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-09T18:58:52.514Z,0
CVE-2024-0691,https://securityvulnerability.io/vulnerability/CVE-2024-0691,Stored Cross-Site Scripting Vulnerability in FileBird Plugin for WordPress,"The FileBird plugin for WordPress contains a vulnerability that allows authenticated attackers with administrator privileges to perform Stored Cross-Site Scripting (XSS) attacks. This exploit is made possible due to insufficient input sanitization and output escaping when importing folder titles. As a result, attackers can inject arbitrary scripts that may execute whenever a user accesses the compromised page, potentially leading to unauthorized actions or data exposure. Additionally, attackers might use social engineering tactics to trick an administrator into uploading a malicious folder import that could further exploit this vulnerability.",Wordpress,FileBird – WordPress Media Library Folders & File Manager,4.8,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-02-05T21:21:43.434Z,0
CVE-2023-0285,https://securityvulnerability.io/vulnerability/CVE-2023-0285,Real Media Library < 4.18.29 - Author+ Stored XSS,"The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.",Wordpress,Real Media Library: Media Library Folder & File Manager,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-02-21T09:15:00.000Z,0
CVE-2023-0294,https://securityvulnerability.io/vulnerability/CVE-2023-0294,Cross-Site Request Forgery in Mediamatic Media Library Folders Plugin for WordPress,"The Mediamatic – Media Library Folders plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to faulty nonce validation in its AJAX actions function. This vulnerability allows unauthenticated attackers to manipulate image categories by deceiving site administrators into triggering forged requests, such as clicking a malicious link. Proper nonce verification should be implemented to mitigate this risk and prevent unauthorized actions within the plugin.",Wordpress,Mediamatic – Media Library Folders,4.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2023-01-13T20:15:00.000Z,0
CVE-2023-0293,https://securityvulnerability.io/vulnerability/CVE-2023-0293,Authorization Bypass in Mediamatic Media Library Folders Plugin for WordPress,"The Mediamatic – Media Library Folders plugin for WordPress contains an authorization bypass issue due to a lack of capability checks on its AJAX actions. This vulnerability affects versions up to and including 2.8.1, allowing authenticated attackers with subscriber-level permissions or higher to modify image categories. This manipulation can disrupt the organization of images in folder views, presenting a significant risk for sites relying on this plugin for media management.",Wordpress,Mediamatic – Media Library Folders,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2023-01-13T20:15:00.000Z,0
CVE-2022-41634,https://securityvulnerability.io/vulnerability/CVE-2022-41634,WordPress Media Library Folders plugin <= 7.1.1 - Cross-Site Request Forgery (CSRF) vulnerability,Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress.,Wordpress,Media Library Folders (WordPress Plugin),5.4,MEDIUM,0.0010100000072270632,false,,false,false,false,,false,false,2022-11-18T23:15:00.000Z,0
CVE-2021-24848,https://securityvulnerability.io/vulnerability/CVE-2021-24848,Mediamatic < 2.8.1 - Subscriber+ SQL Injection,"The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin before 2.8.1, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection",Wordpress,Mediamatic – Media Library Folders,8.8,HIGH,0.001120000029914081,false,,false,false,false,,false,false,2021-12-13T10:41:07.000Z,0