SQL Injection Vulnerability in Media Library Folders for WordPress
CVE-2024-7857
6.5MEDIUM
What is CVE-2024-7857?
The Media Library Folders plugin for WordPress exposes a vulnerability that allows for second order SQL injection. This issue arises from inadequate escaping of the 'sort_type' parameter in the 'mlf_change_sort_type' AJAX action. Authenticated attackers, with at least subscriber-level access, can exploit this vulnerability to insert malicious SQL queries into existing database queries. As a result, sensitive information can be extracted from the database, posing a significant risk to the security of WordPress installations utilizing this plugin.
Affected Version(s)
Media Library Folders * <= 8.2.2