Vulnerabilities and security researches forwicked-folders

Wicked Folders # CVE-2023-0685

CVE, Research URL: CVE-2023-0685
Home page URL: Security reports for Wicked Folders
Application: Wicked Folders
Date: Feb 08, 2023
Research Description: The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_unassign_folders function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin..
Affected versions: max 2.18.17.
Status: vulnerable

Wicked Folders # CVE-2023-0719

CVE, Research URL: CVE-2023-0719
Home page URL: Security reports for Wicked Folders
Application: Wicked Folders
Date: Feb 08, 2023
Research Description: The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_sort_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
Affected versions: max 2.18.17.
Status: vulnerable

Wicked Folders # CVE-2023-0720

CVE, Research URL: CVE-2023-0720
Home page URL: Security reports for Wicked Folders
Application: Wicked Folders
Date: Feb 08, 2023
Research Description: The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
Affected versions: max 2.18.17.
Status: vulnerable

Wicked Folders # CVE-2023-0727

CVE, Research URL: CVE-2023-0727
Home page URL: Security reports for Wicked Folders
Application: Wicked Folders
Date: Feb 08, 2023
Research Description: The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_delete_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.
Affected versions: max 2.18.17.
Status: vulnerable

Wicked Folders # CVE-2023-0712

CVE, Research URL: CVE-2023-0712
Home page URL: Security reports for Wicked Folders
Application: Wicked Folders
Date: Feb 08, 2023
Research Description: The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_move_object function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
Affected versions: max 2.18.17.
Status: vulnerable

Wicked Folders # CVE-2023-0711

CVE, Research URL: CVE-2023-0711
Home page URL: Security reports for Wicked Folders
Application: Wicked Folders
Date: Feb 08, 2023
Research Description: The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the view state of the folder structure maintained by the plugin.
Affected versions: max 2.18.17.
Status: vulnerable

Wicked Folders # CVE-2023-0717

CVE, Research URL: CVE-2023-0717
Home page URL: Security reports for Wicked Folders
Application: Wicked Folders
Date: Feb 08, 2023
Research Description: The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_delete_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
Affected versions: max 2.18.17.
Status: vulnerable

Wicked Folders # CVE-2023-0724

CVE, Research URL: CVE-2023-0724
Home page URL: Security reports for Wicked Folders
Application: Wicked Folders
Date: Feb 08, 2023
Research Description: The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_add_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.
Affected versions: max 2.18.17.
Status: vulnerable

Wicked Folders # CVE-2023-0713

CVE, Research URL: CVE-2023-0713
Home page URL: Security reports for Wicked Folders
Application: Wicked Folders
Date: Feb 08, 2023
Research Description: The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
Affected versions: max 2.18.17.
Status: vulnerable

Wicked Folders # CVE-2023-0718

CVE, Research URL: CVE-2023-0718
Home page URL: Security reports for Wicked Folders
Application: Wicked Folders
Date: Feb 08, 2023
Research Description: The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
Affected versions: max 2.18.17.
Status: vulnerable

Wicked Folders # CVE-2021-24919

CVE, Research URL: CVE-2021-24919
Home page URL: Security reports for Wicked Folders
Application: Wicked Folders
Date: Feb 01, 2022
Research Description: The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available to any authenticated user. leading to an SQL injection
Affected versions: max 2.8.10.
Status: vulnerable

Wicked Folders # CVE-2023-0728

CVE, Research URL: CVE-2023-0728
Home page URL: Security reports for Wicked Folders
Application: Wicked Folders
Date: Feb 08, 2023
Research Description: The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.
Affected versions: max 2.18.17.
Status: vulnerable

Wicked Folders # CVE-2023-0715

CVE, Research URL: CVE-2023-0715
Home page URL: Security reports for Wicked Folders
Application: Wicked Folders
Date: Feb 08, 2023
Research Description: The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_clone_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
Affected versions: max 2.18.17.
Status: vulnerable

Wicked Folders # CVE-2023-0684

CVE, Research URL: CVE-2023-0684
Home page URL: Security reports for Wicked Folders
Application: Wicked Folders
Date: Feb 08, 2023
Research Description: The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as changing the folder structure maintained by the plugin.
Affected versions: max 2.18.17.
Status: vulnerable

Wicked Folders # CVE-2023-0722

CVE, Research URL: CVE-2023-0722
Home page URL: Security reports for Wicked Folders
Application: Wicked Folders
Date: Feb 08, 2023
Research Description: The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_state function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.
Affected versions: max 2.18.17.
Status: vulnerable

Wicked Folders # CVE-2023-0723

CVE, Research URL: CVE-2023-0723
Home page URL: Security reports for Wicked Folders
Application: Wicked Folders
Date: Feb 08, 2023
Research Description: The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_move_object function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.
Affected versions: max 2.18.17.
Status: vulnerable

Wicked Folders # CVE-2023-0729

CVE, Research URL: CVE-2023-0729
Home page URL: Security reports for Wicked Folders
Application: Wicked Folders
Date: Jun 09, 2023
Research Description: The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_sort_order function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.
Affected versions: max 2.18.17.
Status: vulnerable

Wicked Folders # CVE-2023-0730

CVE, Research URL: CVE-2023-0730
Home page URL: Security reports for Wicked Folders
Application: Wicked Folders
Date: Feb 08, 2023
Research Description: The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder_order function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.
Affected versions: max 2.18.17.
Status: vulnerable

Wicked Folders # CVE-2023-0716

CVE, Research URL: CVE-2023-0716
Home page URL: Security reports for Wicked Folders
Application: Wicked Folders
Date: Feb 08, 2023
Research Description: The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
Affected versions: max 2.18.17.
Status: vulnerable

Wicked Folders # CVE-2023-0725

CVE, Research URL: CVE-2023-0725
Home page URL: Security reports for Wicked Folders
Application: Wicked Folders
Date: Feb 08, 2023
Research Description: The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_clone_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.
Affected versions: max 2.18.17.
Status: vulnerable

Wicked Folders # CVE-2023-0726

CVE, Research URL: CVE-2023-0726
Home page URL: Security reports for Wicked Folders
Application: Wicked Folders
Date: Feb 08, 2023
Research Description: The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_edit_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.
Affected versions: max 2.18.17.
Status: vulnerable

Vulnerabilities and security researches forwicked-folders wicked-folders

Wicked Folders # CVE-2023-0685

Wicked Folders # CVE-2023-0719

Wicked Folders # CVE-2023-0720

Wicked Folders # CVE-2023-0727

Wicked Folders # CVE-2023-0712

Wicked Folders # CVE-2023-0711

Wicked Folders # CVE-2023-0717

Wicked Folders # CVE-2023-0724

Wicked Folders # CVE-2023-0713

Wicked Folders # CVE-2023-0718

Wicked Folders # CVE-2021-24919

Wicked Folders # CVE-2023-0728

Wicked Folders # CVE-2023-0715

Wicked Folders # CVE-2023-0684

Wicked Folders # CVE-2023-0722

Wicked Folders # CVE-2023-0723

Wicked Folders # CVE-2023-0729

Wicked Folders # CVE-2023-0730

Wicked Folders # CVE-2023-0716

Wicked Folders # CVE-2023-0725

Wicked Folders # CVE-2023-0726

Wicked Folders # CVE-2026-1883