FKIE_CVE-2026-2312

Vulnerability from fkie_nvd - Published: 2026-02-14 12:15 - Updated: 2026-02-18 17:52
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
The Media Library Folders plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 8.3.6 via the delete_maxgalleria_media() and maxgalleria_rename_image() functions due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to delete or rename attachments owned by other users (including administrators). The rename flow also deletes all postmeta for the target attachment, causing data loss.
References
security@wordfence.comhttps://plugins.trac.wordpress.org/changeset/3459947/media-library-plus
security@wordfence.comhttps://www.wordfence.com/threat-intel/vulnerabilities/id/ccf77cb1-b6b6-49de-8de4-20eddd3b5e62?source=cve
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Media Library Folders plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 8.3.6 via the delete_maxgalleria_media() and maxgalleria_rename_image() functions due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to delete or rename attachments owned by other users (including administrators). The rename flow also deletes all postmeta for the target attachment, causing data loss."
    },
    {
      "lang": "es",
      "value": "El plugin Media Library Folders para WordPress es vulnerable a Referencia Directa Insegura a Objeto en todas las versiones hasta la 8.3.6, inclusive, a trav\u00e9s de las funciones delete_maxgalleria_media() y maxgalleria_rename_image() debido a la falta de validaci\u00f3n en una clave controlada por el usuario. Esto permite a atacantes autenticados, con acceso de nivel Autor y superior, eliminar o renombrar archivos adjuntos propiedad de otros usuarios (incluidos los administradores). El flujo de renombrado tambi\u00e9n elimina todos los postmeta para el archivo adjunto objetivo, causando p\u00e9rdida de datos."
    }
  ],
  "id": "CVE-2026-2312",
  "lastModified": "2026-02-18T17:52:44.520",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "security@wordfence.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-02-14T12:15:56.123",
  "references": [
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/changeset/3459947/media-library-plus"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ccf77cb1-b6b6-49de-8de4-20eddd3b5e62?source=cve"
    }
  ],
  "sourceIdentifier": "security@wordfence.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "security@wordfence.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.