The Media Library Folders plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several AJAX functions in the media-library-plus.php file in all versions up to, and including, 8.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions related to managing media files and folder along with controlling settings.
Metrics
Affected Vendors & Products
References
History
Tue, 03 Sep 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Maxfoundry
Maxfoundry media Library Folders |
|
CPEs | cpe:2.3:a:maxfoundry:media_library_folders:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Maxfoundry
Maxfoundry media Library Folders |
Fri, 30 Aug 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 30 Aug 2024 09:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Media Library Folders plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several AJAX functions in the media-library-plus.php file in all versions up to, and including, 8.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions related to managing media files and folder along with controlling settings. | |
Title | Media Library Folders <= 8.2.3 - Missing Authorization on Various Functions | |
Weaknesses | CWE-862 | |
References |
|
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-08-30T09:29:49.791Z
Updated: 2024-08-30T14:48:04.872Z
Reserved: 2024-08-15T17:32:52.998Z
Link: CVE-2024-7858
Vulnrichment
Updated: 2024-08-30T14:47:59.810Z
NVD
Status : Analyzed
Published: 2024-08-30T10:15:07.330
Modified: 2024-09-03T14:34:09.017
Link: CVE-2024-7858
Redhat
No data.