CVE-2024-7858

The Media Library Folders plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several AJAX functions in the media-library-plus.php file in all versions up to, and including, 8.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions related to managing media files and folder along with controlling settings.
Configurations

Configuration 1 (hide)

cpe:2.3:a:maxfoundry:media_library_folders:*:*:*:*:*:wordpress:*:*

History

03 Sep 2024, 14:34

Type Values Removed Values Added
First Time Maxfoundry media Library Folders
Maxfoundry
CPE cpe:2.3:a:maxfoundry:media_library_folders:*:*:*:*:*:wordpress:*:*
Summary
  • (es) El complemento Media Library Folders para WordPress es vulnerable al acceso no autorizado debido a la falta de comprobaciones de capacidad en varias funciones AJAX en el archivo media-library-plus.php en todas las versiones hasta la 8.2.3 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, realicen varias acciones relacionadas con la gestión de archivos y carpetas multimedia, además de controlar la configuración.
References () https://plugins.trac.wordpress.org/browser/media-library-plus/trunk/media-library-plus.php - () https://plugins.trac.wordpress.org/browser/media-library-plus/trunk/media-library-plus.php - Product
References () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3143036%40media-library-plus&new=3143036%40media-library-plus&sfp_email=&sfph_mail= - () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3143036%40media-library-plus&new=3143036%40media-library-plus&sfp_email=&sfph_mail= - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/fcc0fc00-b7d6-429c-9ab3-f08971c48777?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/fcc0fc00-b7d6-429c-9ab3-f08971c48777?source=cve - Third Party Advisory

30 Aug 2024, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-30 10:15

Updated : 2024-09-03 14:34


NVD link : CVE-2024-7858

Mitre link : CVE-2024-7858

CVE.ORG link : CVE-2024-7858


JSON object : View

Products Affected

maxfoundry

  • media_library_folders
CWE
CWE-862

Missing Authorization