7 matches found
CVE-2024-30486
CVE-2024-30486 is an authenticated SQL injection in the WordPress plugin Media Library Folders (Media Library Folders: 8.1.7 and earlier). The issue arises from improper neutralization of input in SQL commands, enabling an attacker with Author+ or higher permissions to manipulate queries. The vul...
CVE-2024-3615
CVE-2024-3615 : The WordPress plugin Media Library Folders (Media Library Folders) is vulnerable to Reflected XSS via the s parameter in all versions up to 8.2.0 due to insufficient input sanitization and output escaping. Exploitation requires an action by a user (e.g., clicking a crafted link) a...
CVE-2025-0935
CVE-2025-0935 concerns the WordPress plugin Media Library Folders (versions up to and including 8.3.0). The issue is a missing capability check on several AJAX actions, allowing authenticated attackers with Author-level access or higher to change plugin settings (e.g., IP-blocking). Impact is una...
CVE-2022-41634
CVE-2022-41634 : CSRF vulnerability in WordPress “Media Library Folders” plugin (versions <= 7.1.1). Root cause: CSRF check missing in plugin operations, enabling an authenticated user to be tricked into performing unintended actions. Impact per sources: potential manipulation/deletion of plug...
CVE-2024-7857
CVE-2024-7857 affects the Media Library Folders (media-library-plus) WordPress plugin. It enables second-order SQL Injection via the sort_type parameter in the mlf_change_sort_type AJAX action, in all versions up to and including 8.2.2, due to insufficient escaping and query preparation. Exploita...
CVE-2024-31287
CVE-2024-31287 affects Max Foundry Media Library Folders (WordPress plugin). The vulnerability is described as improper limitation of a pathname to a restricted directory (path traversal) and impacts Media Library Folders: from n/a through 8.1.8. Connected Red Hat advisory mirrors this descriptio...
CVE-2024-7858
The CVE-2024-7858 entry concerns the Media Library Folders (media-library-plus) WordPress plugin. It states that versions up to and including 8.2.3 are vulnerable due to missing capability checks on multiple AJAX functions in media-library-plus.php, allowing authenticated attackers with subscribe...