The Media Library Folders plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several AJAX functions in the media-library-plus.php file in all versions up to, and including, 8.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions related to managing media files and folder along with controlling settings.
References
Configurations
History
03 Sep 2024, 14:34
Type | Values Removed | Values Added |
---|---|---|
First Time |
Maxfoundry media Library Folders
Maxfoundry |
|
CPE | cpe:2.3:a:maxfoundry:media_library_folders:*:*:*:*:*:wordpress:*:* | |
Summary |
|
|
References | () https://plugins.trac.wordpress.org/browser/media-library-plus/trunk/media-library-plus.php - Product | |
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3143036%40media-library-plus&new=3143036%40media-library-plus&sfp_email=&sfph_mail= - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/fcc0fc00-b7d6-429c-9ab3-f08971c48777?source=cve - Third Party Advisory |
30 Aug 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-30 10:15
Updated : 2024-09-03 14:34
NVD link : CVE-2024-7858
Mitre link : CVE-2024-7858
CVE.ORG link : CVE-2024-7858
JSON object : View
Products Affected
maxfoundry
- media_library_folders
CWE
CWE-862
Missing Authorization