CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/02/14 11:24 a.m.•23 views

CVE-2026-2312 Media Library Folders <= 8.3.6 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Attachment Deletion and Rename

The Media Library Folders plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 8.3.6 via the deletemaxgalleriamedia and maxgalleriarenameimage functions due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS0.00209EPSS

ATTACKERKB•added 2026/02/14 11:24 a.m.•4 views

CVE-2026-2312

Vulnrichment•added 2026/02/14 11:24 a.m.•2 views

Exploits0References3

CVE-2026-2312 Media Library Folders <= 8.3.6 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Attachment Deletion and Rename

CNNVD•added 2026/02/14 12:0 a.m.•4 views

WordPress plugin Media Library Folders 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3CVSS5.8AI score0.00209EPSS

Patchstack•added 2026/02/13 11:55 p.m.•4 views

WordPress Media Library Folders plugin <= 8.3.6 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Attachment Deletion and Rename vulnerability

Insecure Direct Object Reference to Authenticated Author+ Arbitrary Attachment Deletion and Rename vulnerability discovered by shivanandsnaidu - naidu computers in WordPress Plugin Media Library Folders versions = 8.3.6...

Exploits0References1Affected Software1

RedhatCVE•added 2026/01/01 8:27 p.m.•13 views

CVE-2025-28949

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Codedraft Mediabay - WordPress Media Library Folders allows Blind SQL Injection.This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4...

8.5CVSS5.6AI score0.00209EPSS

Vulnrichment•added 2025/12/31 8:0 p.m.•1 views

CVE-2025-28949 WordPress Mediabay - WordPress Media Library Folders <= 1.4 - SQL Injection Vulnerability

8.5CVSS7.3AI score0.00209EPSS

Cvelist•added 2025/12/31 8:0 p.m.•24 views

CVE-2025-28949 WordPress Mediabay - WordPress Media Library Folders <= 1.4 - SQL Injection Vulnerability

8.5CVSS0.00209EPSS

CVE•added 2025/12/31 8:0 p.m.•25 views

CVE-2025-28949

CVE-2025-28949 for Mediabay - WordPress Media Library Folders: an Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability allowing Blind SQL Injection in Mediabay = 1.5 or patch-level fixes) and confirm the affected software is the Mediabay plugin for Word...

8.5CVSS5.6AI score0.00209EPSS

CNNVD•added 2025/12/31 12:0 a.m.•1 views

WordPress plugin Mediabay - WordPress Media Library Folders SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. WordPress plugin...

8.5CVSS5.9AI score0.00209EPSS