SQL Injection Vulnerability in Media Library Folders for WordPress
CVE-2024-7857

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Media Library Folders
Vendor: CVE Published:; 29 August 2024

Summary

The Media Library Folders plugin for WordPress exposes a vulnerability that allows for second order SQL injection. This issue arises from inadequate escaping of the 'sort_type' parameter in the 'mlf_change_sort_type' AJAX action. Authenticated attackers, with at least subscriber-level access, can exploit this vulnerability to insert malicious SQL queries into existing database queries. As a result, sensitive information can be extracted from the database, posing a significant risk to the security of WordPress installations utilizing this plugin.

Affected Version(s)

Media Library Folders * <= 8.2.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/3139954/medi...

https://plugins.trac.wordpress.org/browser/media-library-...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 29, 2024
Vulnerability Reserved
Aug 15, 2024

Credit

Lucio Sá