CVE-2025-12640

CVE-2025-12640 concerns the WordPress plugin Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager . According to Wordfence, versions up to 3.1.5 are affected by an unauthorized arbitrary media replacement vulnerability caused by missing object-level authorizati...

Exploit for CVE-2025-23968

AI Bud – AI Content Generator, AI Chatbot, ChatGPT, Gemini, GP...

CVE-2025-28948

Cross-Site Request Forgery CSRF vulnerability in codedraft Mediabay - WordPress Media Library Folders allows Reflected XSS. This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4...

CVE-2025-28948

Cross-Site Request Forgery CSRF vulnerability in codedraft Mediabay - WordPress Media Library Folders allows Reflected XSS. This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4...

CVE-2025-28948 WordPress Mediabay - WordPress Media Library Folders plugin <= 1.4 - CSRF to Reflected XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in codedraft Mediabay - WordPress Media Library Folders allows Reflected XSS. This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4...

CVE-2025-28948

CVE-2025-28948: A CSRF-to-Reflected-XSS issue in Mediabay – WordPress Media Library Folders (WordPress plugin) affects versions = 1.4 or a stated fixed version.

WordPress Mediabay - WordPress Media Library Folders plugin <= 1.4 - CSRF to Reflected XSS vulnerability

WordPress Mediabay - WordPress Media Library Folders plugin = 1.4 - CSRF to Reflected XSS vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Mediabay - WordPress Media Library Folders versions = 1.4...

CVE-2024-2328

The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image title and alt text in all versions up to, and including, 4.22.11 due to insufficient input sanitization and output escaping. This makes it possible for...

WordPress Media Library Tools Plugin < 1.5.0 is vulnerable to Cross Site Scripting (XSS)

Software Media Library Tools Type Plugin Vulnerable versions 1.5.0 Fixed in 1.5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10482 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 79520509f6a4 Credits Bob Matyas Required...

WordPress Media Library Folders Plugin <= 8.2.3 is vulnerable to Broken Access Control

Software Media Library Folders Type Plugin Vulnerable versions = 8.2.3 Fixed in 8.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7858 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID e34ed26523d9 Credits Lucio Sá Required...

WordPress Media Library Folders Plugin <= 8.2.2 is vulnerable to SQL Injection

Software Media Library Folders Type Plugin Vulnerable versions = 8.2.2 Fixed in 8.2.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-7857 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID af7783c77043 Credits Lucio Sá Required privilege Subscriber...

WordPress Media Library Assistant Plugin <= 3.18 is vulnerable to Arbitrary File Upload

Software Media Library Assistant Type Plugin Vulnerable versions = 3.18 Fixed in 3.19 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6823 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID 84d8203c5d37 Credits wesley wcraft Required privile...

WordPress Media Library Assistant Plugin <= 3.17 is vulnerable to Cross Site Scripting (XSS)

Software Media Library Assistant Type Plugin Vulnerable versions = 3.17 Fixed in 3.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5544 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1feab5b6d22c Credits Le Ngoc Anh...

WordPress Media Library Assistant Plugin <= 3.15 is vulnerable to SQL Injection

Software Media Library Assistant Type Plugin Vulnerable versions = 3.15 Fixed in 3.16 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3518 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID fe78e3bb0aff Credits Thanh Nam Tran Required privilege Contributo...

WordPress Media Library Assistant Plugin <= 3.15 is vulnerable to Cross Site Scripting (XSS)

Software Media Library Assistant Type Plugin Vulnerable versions = 3.15 Fixed in 3.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3519 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f2ec0a790f20 Credits Le Ngoc Anh...

WordPress Media Library Folders Plugin <= 8.1.8 is vulnerable to Directory Traversal

Software Media Library Folders Type Plugin Vulnerable versions = 8.1.8 Fixed in 8.1.9 OWASP Top 10 A3: Injection Classification Directory Traversal CVE CVE-2024-31287 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ba4e95251ee0 Credits Majed Refaea Required privilege Autho...

WordPress Media Library Assistant Plugin <= 3.13 is vulnerable to Cross Site Scripting (XSS)

Software Media Library Assistant Type Plugin Vulnerable versions = 3.13 Fixed in 3.14 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2475 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 37f010ff5d22 Credits stealthcopter...

WordPress Plugin Media Library Assistant 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress Media Library Assistant Plugin <= 3.11 is vulnerable to Cross Site Scripting (XSS)

Software Media Library Assistant Type Plugin Vulnerable versions = 3.11 Fixed in 3.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-24385 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5e6c468b6a3a Credits n0paew Required...

WordPress Media Library Assistant Plugin <= 3.0.7 is vulnerable to Cross Site Scripting (XSS)

Software Media Library Assistant Type Plugin Vulnerable versions = 3.0.7 Fixed in 3.0.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34010 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID f822de5bf135 Credits Phd...