The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_add_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-02-08T01:04:50.748Z

Updated: 2024-08-02T05:24:33.098Z

Reserved: 2023-02-07T17:19:20.494Z

Link: CVE-2023-0724

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-02-08T02:15:08.343

Modified: 2024-11-21T07:37:42.103

Link: CVE-2023-0724

cve-icon Redhat

No data.