2 matches found
PT-2023-16453 · WordPress · Wicked Folders
Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is related to a missing capability check on the ajax unassign folders function, which allows authenticated attackers with subscriber-level...
CVE-2021-24919
The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folderid parameter before using it in a SQL statement in the wickedfolderssavesortorder AJAX action, available to any authenticated user. leading to an SQL injection...