Medium severity4.3NVD Advisory· Published Jun 14, 2024· Updated Apr 15, 2026

CVE-2024-2023

Description

The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated attackers, with author access and above, to upload files to arbitrary locations on the server.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/browser/folders/tags/3.0/includes/media.replace.phpnvd
plugins.trac.wordpress.org/changeset/3070429/folders/trunk/includes/media.replace.phpnvd
www.wordfence.com/threat-intel/vulnerabilities/id/b4cc839c-de7a-43eb-a7fa-b1049419bfa3nvd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000