14 matches found
CVE-2025-12640
The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Replacement in all versions up to, and including, 3.1.5. This is due to missing object-level authorization checks in the...
CVE-2025-12640
The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Replacement in all versions up to, and including, 3.1.5. This is due to missing object-level authorization checks in the...
EUVD-2026-1598
The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Replacement in all versions up to, and including, 3.1.5. This is due to missing object-level authorization checks in the...
CVE-2025-12640
CVE-2025-12640 concerns the WordPress plugin Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager . According to Wordfence, versions up to 3.1.5 are affected by an unauthorized arbitrary media replacement vulnerability caused by missing object-level authorizati...
CVE-2025-12640 Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager <= 3.1.5 - Missing Authorization to Authenticated (Author+) Media Replacement
The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Replacement in all versions up to, and including, 3.1.5. This is due to missing object-level authorization checks in the...
CVE-2025-12640 Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager <= 3.1.5 - Missing Authorization to Authenticated (Author+) Media Replacement
The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Replacement in all versions up to, and including, 3.1.5. This is due to missing object-level authorization checks in the...
PT-2026-1699
Name of the Vulnerable Software and Affected Versions The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress versions up to and including 3.1.5 Description The Folders plugin for WordPress is susceptible to unauthorized arbitrary media...
WordPress plugin Folders 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress Folders plugin <= 3.1.5 - Missing Authorization to Authenticated (Author+) Media Replacement vulnerability
Missing Authorization to Authenticated Author+ Media Replacement vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Folders versions = 3.1.5...
EUVD-2025-150410
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.5 via the pagelayerreplacepage function due to missing validation on a user controlled key. This makes it possible for...
CVE-2025-12366 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.5 - Authenticated (Author+) Insecure Direct Object Reference
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.5 via the pagelayerreplacepage function due to missing validation on a user controlled key. This makes it possible for...
CVE-2025-12366 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.5 - Authenticated (Author+) Insecure Direct Object Reference
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.5 via the pagelayerreplacepage function due to missing validation on a user controlled key. This makes it possible for...
CVE-2025-12366
CVE-2025-12366: The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress has an Insecure Direct Object Reference in versions up to 2.0.5, caused by missing validation in pagelayer_replace_page. This authenticated vulnerability affects users with Author-level access and abo...
PT-2025-46778
Name of the Vulnerable Software and Affected Versions Page Builder: Pagelayer versions up to and including 2.0.5 Description The Page Builder: Pagelayer WordPress plugin has an Insecure Direct Object Reference issue. This is due to a lack of validation on a user-controlled key within the pagelaye...