VYPR

Wicked Folders

by WordPress

Source repositories

CVEs (22)

  • CVE-2023-0713MedFeb 7, 2023
    risk 0.35cvss 5.4epss 0.01

    The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and…

  • CVE-2026-1883MedMar 16, 2026
    risk 0.21cvss 4.3epss 0.00

    The Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the delete_folders() function due to missing validation on a user controlled…

Page 2 of 2