Unrated severityNVD Advisory· Published Feb 15, 2025· Updated Apr 8, 2026
Media Library Folders <= 8.3.0 - Missing Authorization to Plugin Settings Change
CVE-2025-0935
Description
The Media Library Folders plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on several AJAX actions in all versions up to, and including, 8.3.0. This makes it possible for authenticated attackers, with Author-level access and above, to change plugin settings related to things such as IP-blocking.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<=8.3.0+ 1 more
- (no CPE)range: <=8.3.0
- (no CPE)range: 0
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- plugins.trac.wordpress.org/browser/media-library-plus/trunk/media-library-plus.phpmitre
- plugins.trac.wordpress.org/browser/media-library-plus/trunk/media-library-plus.phpmitre
- plugins.trac.wordpress.org/browser/media-library-plus/trunk/media-library-plus.phpmitre
- plugins.trac.wordpress.org/changeset/3234676/media-library-plus/trunk/media-library-plus.phpmitre
- www.wordfence.com/threat-intel/vulnerabilities/id/6f810102-cf25-4898-a3a6-3cdc9a96aaeamitre
News mentions
0No linked articles in our index yet.