4 matches found
CVE-2024-7857
The Media Library Folders plugin for WordPress is vulnerable to second order SQL Injection via the 'sorttype' parameter of the 'mlfchangesorttype' AJAX action in all versions up to, and including, 8.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation...
CVE-2024-7857
CVE-2024-7857 affects the Media Library Folders (media-library-plus) WordPress plugin. It enables second-order SQL Injection via the sort_type parameter in the mlf_change_sort_type AJAX action, in all versions up to and including 8.2.2, due to insufficient escaping and query preparation. Exploita...
CVE-2024-7857 Media Library Folders <= 8.2.2 - Authenticated (Subscriber+) Second-Order SQL Injection
The Media Library Folders plugin for WordPress is vulnerable to second order SQL Injection via the 'sorttype' parameter of the 'mlfchangesorttype' AJAX action in all versions up to, and including, 8.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation...
WordPress Media Library Folders Plugin <= 8.2.2 is vulnerable to SQL Injection
Software Media Library Folders Type Plugin Vulnerable versions = 8.2.2 Fixed in 8.2.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-7857 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID af7783c77043 Credits Lucio Sá Required privilege Subscriber...