PT-2025-48266 · WordPress · Folders – Unlimited Folders To Organize Media Library Folder

Dmitry Ignatyev

Published

2025-11-27

Updated

2025-11-27

CVE-2025-12971

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress versions through 3.1.5

Description The Folders plugin for WordPress is susceptible to unauthorized data modification. A misconfigured capability check on the wcp change post folder() function allows authenticated attackers with Contributor-level access or higher to move folder contents to arbitrary folders.

Recommendations Update The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress to a version later than 3.1.5.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2025-12971

Affected Products

Folders – Unlimited Folders To Organize Media Library Folder

CVE-2025-12971

Weakness Enumeration

Related Identifiers

Affected Products

References · 8