Cross-Site Request Forgery in Mediamatic Media Library Folders Plugin for WordPress
CVE-2023-0294
8.8HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 13 January 2023
What is CVE-2023-0294?
The Mediamatic β Media Library Folders plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to faulty nonce validation in its AJAX actions function. This vulnerability allows unauthenticated attackers to manipulate image categories by deceiving site administrators into triggering forged requests, such as clicking a malicious link. Proper nonce verification should be implemented to mitigate this risk and prevent unauthorized actions within the plugin.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Mediamatic β Media Library Folders * <= 2.8.1
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Marco Wotschka