cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-0293,https://securityvulnerability.io/vulnerability/CVE-2023-0293,Authorization Bypass in Mediamatic Media Library Folders Plugin for WordPress,"The Mediamatic – Media Library Folders plugin for WordPress contains an authorization bypass issue due to a lack of capability checks on its AJAX actions. This vulnerability affects versions up to and including 2.8.1, allowing authenticated attackers with subscriber-level permissions or higher to modify image categories. This manipulation can disrupt the organization of images in folder views, presenting a significant risk for sites relying on this plugin for media management.",Wordpress,Mediamatic – Media Library Folders,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2023-01-13T20:15:00.000Z,0
CVE-2023-0294,https://securityvulnerability.io/vulnerability/CVE-2023-0294,Cross-Site Request Forgery in Mediamatic Media Library Folders Plugin for WordPress,"The Mediamatic – Media Library Folders plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to faulty nonce validation in its AJAX actions function. This vulnerability allows unauthenticated attackers to manipulate image categories by deceiving site administrators into triggering forged requests, such as clicking a malicious link. Proper nonce verification should be implemented to mitigate this risk and prevent unauthorized actions within the plugin.",Wordpress,Mediamatic – Media Library Folders,4.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2023-01-13T20:15:00.000Z,0
CVE-2021-24848,https://securityvulnerability.io/vulnerability/CVE-2021-24848,Mediamatic < 2.8.1 - Subscriber+ SQL Injection,"The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin before 2.8.1, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection",Wordpress,Mediamatic – Media Library Folders,8.8,HIGH,0.001120000029914081,false,,false,false,false,,false,false,2021-12-13T10:41:07.000Z,0