Lucene search
K
MaxfoundryMedia Library Folders

7 matches found

CVE
CVE
added 2024/03/29 1:39 p.m.82 views

CVE-2024-30486

CVE-2024-30486 is an authenticated SQL injection in the WordPress plugin Media Library Folders (Media Library Folders: 8.1.7 and earlier). The issue arises from improper neutralization of input in SQL commands, enabling an attacker with Author+ or higher permissions to manipulate queries. The vul...

8.8CVSS8.9AI score0.00577EPSS
CVE
CVE
added 2024/04/19 2:34 a.m.75 views

CVE-2024-3615

CVE-2024-3615 : The WordPress plugin Media Library Folders (Media Library Folders) is vulnerable to Reflected XSS via the s parameter in all versions up to 8.2.0 due to insufficient input sanitization and output escaping. Exploitation requires an action by a user (e.g., clicking a crafted link) a...

6.1CVSS6.3AI score0.00385EPSS
CVE
CVE
added 2025/02/15 8:25 a.m.69 views

CVE-2025-0935

CVE-2025-0935 concerns the WordPress plugin Media Library Folders (versions up to and including 8.3.0). The issue is a missing capability check on several AJAX actions, allowing authenticated attackers with Author-level access or higher to change plugin settings (e.g., IP-blocking). Impact is una...

4.3CVSS6.7AI score0.0031EPSS
CVE
CVE
added 2022/11/18 10:27 p.m.65 views

CVE-2022-41634

CVE-2022-41634 : CSRF vulnerability in WordPress “Media Library Folders” plugin (versions <= 7.1.1). Root cause: CSRF check missing in plugin operations, enabling an authenticated user to be tricked into performing unintended actions. Impact per sources: potential manipulation/deletion of plug...

8.8CVSS7.1AI score0.00276EPSS
CVE
CVE
added 2024/08/29 2:31 a.m.61 views

CVE-2024-7857

CVE-2024-7857 affects the Media Library Folders (media-library-plus) WordPress plugin. It enables second-order SQL Injection via the sort_type parameter in the mlf_change_sort_type AJAX action, in all versions up to and including 8.2.2, due to insufficient escaping and query preparation. Exploita...

9.8CVSS9.5AI score0.00451EPSS
CVE
CVE
added 2024/04/10 4:7 p.m.58 views

CVE-2024-31287

CVE-2024-31287 affects Max Foundry Media Library Folders (WordPress plugin). The vulnerability is described as improper limitation of a pathname to a restricted directory (path traversal) and impacts Media Library Folders: from n/a through 8.1.8. Connected Red Hat advisory mirrors this descriptio...

6.5CVSS8.5AI score0.00661EPSS
CVE
CVE
added 2024/08/30 9:29 a.m.50 views

CVE-2024-7858

The CVE-2024-7858 entry concerns the Media Library Folders (media-library-plus) WordPress plugin. It states that versions up to and including 8.2.3 are vulnerable due to missing capability checks on multiple AJAX functions in media-library-plus.php, allowing authenticated attackers with subscribe...

6.3CVSS6.4AI score0.00331EPSS