Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 11:56 a.m.10 views

CVE-2024-7857

The Media Library Folders plugin for WordPress is vulnerable to second order SQL Injection via the 'sorttype' parameter of the 'mlfchangesorttype' AJAX action in all versions up to, and including, 8.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation...

9.8CVSS7.2AI score0.00451EPSS
Exploits0References1
CVE
CVE
added 2024/08/29 2:31 a.m.62 views

CVE-2024-7857

CVE-2024-7857 affects the Media Library Folders (media-library-plus) WordPress plugin. It enables second-order SQL Injection via the sort_type parameter in the mlf_change_sort_type AJAX action, in all versions up to and including 8.2.2, due to insufficient escaping and query preparation. Exploita...

9.8CVSS9.5AI score0.00451EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/08/29 2:31 a.m.23 views

CVE-2024-7857 Media Library Folders <= 8.2.2 - Authenticated (Subscriber+) Second-Order SQL Injection

The Media Library Folders plugin for WordPress is vulnerable to second order SQL Injection via the 'sorttype' parameter of the 'mlfchangesorttype' AJAX action in all versions up to, and including, 8.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation...

6.5CVSS0.00451EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/08/29 12:0 a.m.11 views

WordPress Media Library Folders Plugin <= 8.2.2 is vulnerable to SQL Injection

Software Media Library Folders Type Plugin Vulnerable versions = 8.2.2 Fixed in 8.2.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-7857 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID af7783c77043 Credits Lucio Sá Required privilege Subscriber...

9.8CVSS6.8AI score0.00451EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder