PT-2025-54443 · WordPress · Codedraft Mediabay - WordPress Media Library Folders
Published 2025-12-31 · Updated 2025-12-31 · CVE-2025-28949
CVSS v3.1: 8.5 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Name of the Vulnerable Software and Affected Versions
Codedraft Mediabay - WordPress Media Library Folders versions through 1.4
Description
The software is affected by Improper Neutralization of Special Elements used in an SQL Command, specifically a Blind SQL Injection: special elements are not handled properly before being used in SQL commands. The affected API endpoint, vulnerable parameter, and vulnerable function are not specified.
Recommendations
Update Codedraft Mediabay - WordPress Media Library Folders to a version later than 1.4.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Codedraft Mediabay - WordPress Media Library Folders