Medium severity4.3NVD Advisory· Published Jan 13, 2023· Updated Apr 8, 2026

CVE-2023-0293

Description

The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change image categories, which it uses to arrange them in folder views.

Affected products

Frenify/Mediamatic
cpe:2.3:a:frenify:mediamatic:*:*:*:*:*:wordpress:*:*
Range: <=2.8.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/browser/mediamatic/trunk/inc/sidebar.phpnvdThird Party Advisory
www.wordfence.com/threat-intel/vulnerabilities/id/e5c87ae0-9a53-4292-a4d3-05b3bdb37b71nvdThird Party Advisory
www.wordfence.com/threat-intel/vulnerabilities/id/e5c87ae0-9a53-4292-a4d3-05b3bdb37b71nvd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000