The Media Library Folders plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several AJAX functions in the media-library-plus.php file in all versions up to, and including, 8.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions related to managing media files and folder along with controlling settings.
History

Tue, 03 Sep 2024 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Maxfoundry
Maxfoundry media Library Folders
CPEs cpe:2.3:a:maxfoundry:media_library_folders:*:*:*:*:*:wordpress:*:*
Vendors & Products Maxfoundry
Maxfoundry media Library Folders

Fri, 30 Aug 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 30 Aug 2024 09:45:00 +0000

Type Values Removed Values Added
Description The Media Library Folders plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several AJAX functions in the media-library-plus.php file in all versions up to, and including, 8.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions related to managing media files and folder along with controlling settings.
Title Media Library Folders <= 8.2.3 - Missing Authorization on Various Functions
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-08-30T09:29:49.791Z

Updated: 2024-08-30T14:48:04.872Z

Reserved: 2024-08-15T17:32:52.998Z

Link: CVE-2024-7858

cve-icon Vulnrichment

Updated: 2024-08-30T14:47:59.810Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-30T10:15:07.330

Modified: 2024-09-03T14:34:09.017

Link: CVE-2024-7858

cve-icon Redhat

No data.