Wickedplugins Wicked Folders — known CVE vulnerabilities
Every CVE whose affected-product data names Wickedplugins Wicked Folders, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2021-24919 — CVSS 8.8 (high): The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement…
CVE-2023-0684 — CVSS 5.4 (medium): The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the…
CVE-2023-0685 — CVSS 5.4 (medium): The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due…
CVE-2023-0711 — CVSS 5.4 (medium): The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state…
CVE-2023-0712 — CVSS 5.4 (medium): The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_move_object…
CVE-2023-0713 — CVSS 5.4 (medium): The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder…
CVE-2023-0715 — CVSS 5.4 (medium): The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_clone_folder…
CVE-2023-0716 — CVSS 5.4 (medium): The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder…
CVE-2023-0717 — CVSS 5.4 (medium): The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_delete_folder…
CVE-2023-0718 — CVSS 5.4 (medium): The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder…
CVE-2023-0719 — CVSS 5.4 (medium): The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_sort_order…
CVE-2023-0720 — CVSS 5.4 (medium): The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the…
CVE-2023-0722 — CVSS 5.4 (medium): The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due…
CVE-2023-0723 — CVSS 5.4 (medium): The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due…
CVE-2023-0724 — CVSS 5.4 (medium): The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due…
CVE-2023-0725 — CVSS 5.4 (medium): The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due…
CVE-2023-0726 — CVSS 5.4 (medium): The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due…
CVE-2023-0727 — CVSS 5.4 (medium): The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due…
CVE-2023-0728 — CVSS 5.4 (medium): The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due…
CVE-2023-0729 — CVSS 5.4 (medium): The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due…
CVE-2023-0730 — CVSS 5.4 (medium): The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due…