PT-2026-25528 · Wickedplugins · Wicked Folders – Folder Organizer For Pages

Youssef Elouaer

Publicado

2026-03-15

Atualizado

2026-03-16

CVE-2026-1883

CVSS v3.1

4.3

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types versions prior to 4.1.1

Description The Wicked Folders plugin for WordPress is susceptible to an Insecure Direct Object Reference issue in versions up to and including 4.1.0. This is due to a lack of validation on a user-controlled key within the delete folders() function. Authenticated attackers with Contributor-level access or higher can exploit this to delete folders created by other users. The delete folders() function is the component directly involved in this issue.

Recommendations Update Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types to version 4.1.1 or later.

Correção

IDOR

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-639

Identificadores relacionados

CVE-2026-1883

Produtos afetados

Wicked Folders – Folder Organizer For Pages

PT-2026-25528 · Wickedplugins · Wicked Folders – Folder Organizer For Pages

CVE-2026-1883

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4