EUVD-2025-203211

The MediaCommander – Bring Folders to Media, Posts, and Pages plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the import-csv REST API endpoint in all versions up to, and including, 2.3.1. This is due to the endpoint using uploadfiles capabilit...

CVE-2025-14508 MediaCommander – Bring Folders to Media, Posts, and Pages <= 2.3.1 - Missing Authorization to Authenticated (Author+) Media Folder Deletion

The MediaCommander – Bring Folders to Media, Posts, and Pages plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the import-csv REST API endpoint in all versions up to, and including, 2.3.1. This is due to the endpoint using uploadfiles capabilit...

WordPress MediaCommander plugin <= 2.3.1 - Missing Authorization to Authenticated (Author+) Media Folder Deletion vulnerability

Missing Authorization to Authenticated Author+ Media Folder Deletion vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin MediaCommander versions = 2.3.1...

PT-2025-51079

The MediaCommander – Bring Folders to Media, Posts, and Pages plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the import-csv REST API endpoint in all versions up to, and including, 2.3.1. This is due to the endpoint using upload files capabili...