4 matches found
CVE-2021-24848
CVE-2021-24848 affects the Mediamatic WordPress plugin prior to 2.8.1. The mediamaticAjaxRenameCategory action accepts categoryID from authenticated users and uses it in a SQL statement without sanitisation, enabling SQL injection. Impact is partial confidentiality/integrity/availability (per CVS...
CVE-2023-0293
The CVE-2023-0293 entry concerns the WordPress plugin Mediamatic – Media Library Folders . A missing capability check on the plugin’s AJAX actions in versions up to and including 2.8.1 enables an attacker authenticated as a subscriber or higher to bypass authorization and alter image categories u...
CVE-2023-0294
The Mediamatic – Media Library Folders WordPress plugin (up to version 2.8.1) is affected by a Cross-Site Request Forgery due to missing/incorrect nonce validation on its AJAX actions. An unauthenticated attacker can coerce a site administrator into performing actions that change image categories...
CVE-2022-47144
CVE-2022-47144 affects Plugincraft Mediamatic – Media Library Folders plugin for WordPress, version