CVE-2026-2312 in Media Library Folders Pluginالمعلومات

الملخص

بحسب MITRE • 14/02/2026

The Media Library Folders plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 8.3.6 via the delete_maxgalleria_media() and maxgalleria_rename_image() functions due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to delete or rename attachments owned by other users (including administrators). The rename flow also deletes all postmeta for the target attachment, causing data loss.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

إفشاء

14/02/2026

الاعتدال

تمت الموافقة

إدخال

VDB-345995

CPE

جاهز

CWE

CWE-99 (مؤكد)

CVSS

4.3 (CNA)

EPSS

0.00013

KEV

لا

النشاطات

منخفض جدًا

القطاع

Industry, Hostingprovider, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-2312
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-2312
CVE Details	https://www.cvedetails.com/cve/CVE-2026-2312/

التالي ▸نظرة عامة ◂ السابق

Want to know what is going to be exploited?

We predict KEV entries!