Authorization Bypass in Mediamatic Media Library Folders Plugin for WordPress
CVE-2023-0293
4.3MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 13 January 2023
What is CVE-2023-0293?
The Mediamatic – Media Library Folders plugin for WordPress contains an authorization bypass issue due to a lack of capability checks on its AJAX actions. This vulnerability affects versions up to and including 2.8.1, allowing authenticated attackers with subscriber-level permissions or higher to modify image categories. This manipulation can disrupt the organization of images in folder views, presenting a significant risk for sites relying on this plugin for media management.
Affected Version(s)
Mediamatic – Media Library Folders * <= 2.8.1