Lucene search

WordfenceCVELIST:CVE-2023-0293

HistoryJan 13, 2023 - 7:44 p.m.

CVE-2023-0293

2023-01-1319:44:45

Wordfence

www.cve.org

mediamatic

media library folders

wordpress

authorization bypass

capability check

ajax actions

vulnerability

image categories

folder views

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.0%

JSON

The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change image categories, which it uses to arrange them in folder views.

CNA Affected

[
  {
    "vendor": "plugincraft",
    "product": "Mediamatic – Media Library Folders",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "2.8.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

plugins.trac.wordpress.org/browser/mediamatic/trunk/inc/sidebar.php?rev=2652957#L343

www.wordfence.com/threat-intel/vulnerabilities/id/e5c87ae0-9a53-4292-a4d3-05b3bdb37b71

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.0%

JSON

Related for CVELIST:CVE-2023-0293