cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forifolders ifolders

Direction: ascending
Jun 07, 2024

iFolders – Ultimate WordPress Media Library Folder Manager # CVE-2023-41949

CVE, Research URL

CVE-2023-41949

Home page URL

Security reports for iFolders – Ultimate WordPress Media Library Folder Manager

Application

iFolders – Ultimate WordPress Media Library Folder Manager

Date
Sep 25, 2023
Research Description
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Avirtum iFolders plugin <= 1.5.0 versions.
Affected versions
Min -, max -.
Status
vulnerable

iFolders &#8211; Ultimate WordPress Media Library Folder Manager # c6208089ed8f158e9c806d56b83d542b2566df2c

CVE, Research URL

c6208089ed8f158e9c806d56b83d542b2566df2c

Home page URL

Security reports for iFolders &#8211; Ultimate WordPress Media Library Folder Manager

Application

iFolders &#8211; Ultimate WordPress Media Library Folder Manager

Date
Sep 05, 2023
Research Description
iFolders &#8211; Ultimate WordPress Media Library Folders &amp; File Manager [ifolders] < 1.5.1 iFolders <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting The iFolders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
Min -, max -.
Status
vulnerable