PT-2025-6816 · WordPress · Media Library Folders

Brian Sans-Souci +1 · Published 2025-02-15 · Updated 2025-02-24 · CVE-2025-0935

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Media Library Folders plugin for WordPress versions up to, and including, 8.3.0

Description

The issue is related to a missing capability check on several AJAX actions, allowing authenticated attackers with Author-level access and above to change plugin settings, such as IP-blocking.

Recommendations

For versions up to, and including, 8.3.0, update to a version higher than 8.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the AJAX actions related to plugin settings change until a patch is available.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-0935

Affected Products

Media Library Folders