cleantalk
Vulnerabilities and Security Researches

iFolders – Ultimate WordPress Media Library Folder Manager, c6208089ed8f158e9c806d56b83d542b2566df2c

CVE, Research URL

c6208089ed8f158e9c806d56b83d542b2566df2c

Home page URL

Security reports for iFolders – Ultimate WordPress Media Library Folder Manager

Application

iFolders – Ultimate WordPress Media Library Folder Manager

Published on
Sep 05, 2023
Research Description
iFolders &#8211; Ultimate WordPress Media Library Folders &amp; File Manager [ifolders] < 1.5.1 iFolders <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting The iFolders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
Min -, max 1.5.1.
Status
vulnerable
Previous vulnerability researches
iFolders &#8211; Ultimate WordPress Media Library Folder Manager (CVE-2023-41949) , Jun 07, 2024
iFolders &#8211; Ultimate WordPress Media Library Folder Manager (c6208089ed8f158e9c806d56b83d542b2566df2c) , Jun 07, 2024
New vulnerability
Contact Form 7 reCAPTCHA (CVE-2025-23972) , Jul 08, 2025
Easy Stripe (CVE-2025-49302) , Jul 08, 2025
Gallery Widget (CVE-2025-28969) , Jul 08, 2025
Contact Us Page &#8211; Contact People (CVE-2025-28967) , Jul 07, 2025
WP fancybox (CVE-2025-26591) , Jul 07, 2025