Vulnerabilities > Maxfoundry > Media Library Folders > 8.1.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-15 | CVE-2025-0935 | Missing Authorization vulnerability in Maxfoundry Media Library Folders The Media Library Folders plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on several AJAX actions in all versions up to, and including, 8.3.0. | 4.3 |
| 2024-08-29 | CVE-2024-7857 | Unspecified vulnerability in Maxfoundry Media Library Folders The Media Library Folders plugin for WordPress is vulnerable to second order SQL Injection via the 'sort_type' parameter of the 'mlf_change_sort_type' AJAX action in all versions up to, and including, 8.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |