CVE-2024-7858

Name of the Vulnerable Software and Affected Versions Media Library Folders plugin for WordPress versions up to, and including, 8.2.3

Description The issue is related to missing capability checks on several AJAX functions in the media-library-plus.php file. This allows authenticated attackers with subscriber-level access and above to perform actions related to managing media files and folders, as well as controlling settings.

Recommendations For versions up to, and including, 8.2.3, update to a version that includes the necessary capability checks to prevent unauthorized access. As a temporary workaround, consider restricting access to the media-library-plus.php file and its associated AJAX functions until a patch is available. Restrict subscriber-level access and above to minimize the risk of exploitation.