Unauthorized Plugin Settings Change in Media Library Folders for WordPress by Vendor
CVE-2025-0935
4.3MEDIUM
Key Information:
- Vendor
- Maxfoundry
- Status
- Media Library Folders
- Vendor
- CVE Published:
- 15 February 2025
Summary
The Media Library Folders plugin for WordPress contains a flaw that allows authenticated attackers with Author-level access and higher to manipulate plugin settings without proper authorization checks. This vulnerability arises from insufficient capability verification on various AJAX actions, enabling potential changes to key plugin settings, including IP-blocking mechanisms. As a result, attackers could exploit this weakness to disrupt site operations or restrict legitimate users, thus compromising the overall security of WordPress installations.
Affected Version(s)
Media Library Folders * <= 8.3.0
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Brian Sans-Souci