WordPress Plugin Vulnerabilities

Media Library Folders < 7.1.2 - Plugin Reset via CSRF

Description

The plugin does not have CSRF check when reseting its data, which could allow attackers to make logged in admin reset the plugin data, such as the DB tables via a CRSF attack

Affects Plugins

Plugin icon
media-library-plus
Fixed in 7.1.2

References

CVE
CVE-2022-41634

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Rasi Afeef
Verified
No
WPVDB ID
1ecd6d61-d0dd-429b-aa27-248372a0a76e

Timeline

Publicly Published
2022-09-30 (about 3 years ago)
Added
2022-11-20 (about 3 years ago)
Last Updated
2022-11-20 (about 3 years ago)

Other

Published
Title
Published
2025-11-17
Title
WP Admin Microblog <= 3.1.1 - Cross-Site Request Forgery to Message Creation
Published
2025-06-19
Title
JobWP < 2.4.1 - Cross-Site Request Forgery
Published
2025-04-22
Title
affiliate-toolkit < 3.7.4 - Cross-Site Request Forgery
Published
2014-08-01
Title
Sahifa 2.4.0 - Site Setting Reset CSRF
Published
2024-12-16
Title
SMS for WooCommerce < 2.8.1.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting