CVE-2024-7858
📋 TL;DR
The Media Library Folders WordPress plugin has missing capability checks on AJAX functions, allowing authenticated users with subscriber-level access or higher to perform unauthorized media management and settings control actions. This affects all WordPress sites using the plugin up to version 8.2.3.
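The bug class described above, as an added PHP example written for this page (not code from the Media Library Folders plugin): a hypothetical admin-ajax.php handler first without any authorization check, then hardened with a nonce check and a capability check. The action and nonce names (demo_rename_folder, demo_mlf_nonce) and the choice of capability are assumptions for illustration.

```php
<?php
/**
 * Plugin Name: Capability-check demo
 *
 * Added illustration of the bug class in CVE-2024-7858, not the Media Library
 * Folders plugin's own code. Handler and nonce names (demo_rename_folder,
 * demo_mlf_nonce) are invented for this example.
 */

// Vulnerable pattern. wp_ajax_{action} hooks run for every logged-in user,
// so without a capability check any subscriber can reach this handler, and
// without a nonce a logged-in user can also be made to trigger it from
// another site (CSRF).
add_action( 'wp_ajax_demo_rename_folder_unsafe', function () {
    $folder_id = isset( $_POST['folder_id'] ) ? absint( $_POST['folder_id'] ) : 0;
    $new_name  = isset( $_POST['name'] ) ? sanitize_text_field( wp_unslash( $_POST['name'] ) ) : '';

    // ... the folder would be renamed here, regardless of who asked ...
    wp_send_json_success( array( 'id' => $folder_id, 'name' => $new_name ) );
} );

// Hardened pattern: the nonce ties the request to a page WordPress rendered
// for this user, and the capability check enforces authorization.
add_action( 'wp_ajax_demo_rename_folder', function () {
    // Ends the request with HTTP 403 unless $_POST['security'] holds a valid
    // nonce for the 'demo_mlf_nonce' action.
    check_ajax_referer( 'demo_mlf_nonce', 'security' );

    // 'upload_files' is the core capability behind the media library: authors
    // and above have it, subscribers and contributors do not. Handlers that
    // change plugin settings should require 'manage_options' instead.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $folder_id = isset( $_POST['folder_id'] ) ? absint( $_POST['folder_id'] ) : 0;
    $new_name  = isset( $_POST['name'] ) ? sanitize_text_field( wp_unslash( $_POST['name'] ) ) : '';

    if ( 0 === $folder_id || '' === $new_name ) {
        wp_send_json_error( array( 'message' => 'Invalid input.' ), 400 );
    }

    // ... rename the folder here ...
    wp_send_json_success( array( 'id' => $folder_id, 'name' => $new_name ) );
} );

// The admin page that sends the request must include the value of
// wp_create_nonce( 'demo_mlf_nonce' ) as the 'security' field, typically
// handed to the page's script with wp_localize_script().
```

The order of the two checks matters: check_ajax_referer() answers "did this request come from our own page?", current_user_can() answers "is this user allowed to do it?". A nonce alone does not fix a missing capability check, because WordPress issues nonces to subscribers as readily as to administrators.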
💻 Affected Systems
- Media Library Folders WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could delete, modify, or reorganize all media library files, potentially defacing websites or removing critical content. They could also manipulate plugin settings to enable further attacks.
Likely Case
Malicious users with subscriber accounts could tamper with media files, disrupt website functionality, or gain unauthorized access to media management features.
If Mitigated
With proper user role management and plugin updates, impact is limited to authorized administrative actions only.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has subscriber-level credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.2.4 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the Media Library Folders plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 8.2.4+ from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Disable Plugin
Temporarily deactivate the Media Library Folders plugin until patched
wp plugin deactivate media-library-plus
Restrict User Roles
Limit subscriber accounts and review user permissions
🧯 If You Can't Patch
- Implement strict user role management and audit all subscriber-level accounts
- Monitor media library changes and implement file integrity monitoring
🔍 How to Verify
Check if Vulnerable:
Check plugin version in WordPress admin under Plugins > Installed Plugins. If version is 8.2.3 or lower, you are vulnerable.
Check Version:
wp plugin get media-library-plus --field=version
Verify Fix Applied:
After updating, confirm plugin version shows 8.2.4 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual admin-ajax.php requests that invoke the plugin's AJAX handlers (defined in media-library-plus.php) from non-admin users
- Unexpected media file modifications by low-privilege users
Network Indicators:
- POST requests to /wp-admin/admin-ajax.php with 'action' parameter containing media-library-plus functions
SIEM Query:
source="wordpress" AND uri_path="/wp-admin/admin-ajax.php" AND http_method="POST" AND (user_role="subscriber" OR user_role="contributor") AND request_body LIKE "%media-library-plus%"
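The log and network indicators above, applied offline to a few constructed log lines, as an added example written for this page (not part of the advisory). It assumes request logs in JSON-lines form that carry a user_role field (as an audit-logging plugin or WAF might emit) and that the plugin's AJAX action names contain "media-library-plus" or start with "mlf_"; both are assumptions, and ACTION_PATTERN should be adjusted to the real handler names. Unlike the SIEM query, it does not restrict itself to POST, because admin-ajax.php dispatches the action on GET requests as well.

```php
<?php
// Added example for this advisory, not part of it: flag admin-ajax.php calls
// that reach the plugin's handlers from low-privilege roles. The log format
// (JSON lines with a user_role field) and the action-name pattern are assumed.

const LOW_PRIV_ROLES = array( 'subscriber', 'contributor' );
const ACTION_PATTERN = '/media[-_]library[-_]plus|^mlf_/i'; // assumed naming
const AJAX_PATH      = '/wp-admin/admin-ajax.php';

// Constructed sample log lines (not real traffic); one deliberately malformed.
function sample_log(): string {
    return <<<'LOG'
{"ts":"2024-08-20T10:01:02Z","user":"alice","user_role":"administrator","method":"POST","uri_path":"/wp-admin/admin-ajax.php","body":"action=mlf_move_item&item=42&folder=7"}
{"ts":"2024-08-20T10:02:11Z","user":"bob","user_role":"subscriber","method":"POST","uri_path":"/wp-admin/admin-ajax.php","body":"action=mlf_delete_item&item=42"}
{"ts":"2024-08-20T10:02:30Z","user":"bob","user_role":"subscriber","method":"POST","uri_path":"/wp-admin/admin-ajax.php","body":"action=heartbeat&_nonce=abc"}
{"ts":"2024-08-20T10:03:00Z","user":"carol","user_role":"contributor","method":"GET","uri_path":"/wp-admin/admin-ajax.php","body":"action=mlf_get_settings"}
not a json line
LOG;
}

// Returns one finding per log line that matches all three conditions:
// admin-ajax.php path, plugin action name, low-privilege role.
function scan_log( string $log ): array {
    $findings = array();
    foreach ( preg_split( '/\R/', trim( $log ) ) as $index => $line ) {
        $entry = json_decode( $line, true );
        if ( ! is_array( $entry ) ) {
            continue; // skip malformed lines rather than abort the scan
        }
        if ( ( $entry['uri_path'] ?? '' ) !== AJAX_PATH ) {
            continue;
        }
        // admin-ajax.php reads the action from the request parameters; here
        // they are logged as the raw body, so decode it as a query string.
        parse_str( $entry['body'] ?? '', $params );
        $action = (string) ( $params['action'] ?? '' );
        if ( '' === $action || ! preg_match( ACTION_PATTERN, $action ) ) {
            continue;
        }
        $role = strtolower( (string) ( $entry['user_role'] ?? '' ) );
        if ( ! in_array( $role, LOW_PRIV_ROLES, true ) ) {
            continue;
        }
        $findings[] = array(
            'line'   => $index + 1,
            'ts'     => $entry['ts'] ?? '?',
            'user'   => $entry['user'] ?? '?',
            'role'   => $role,
            'method' => $entry['method'] ?? '?',
            'action' => $action,
        );
    }
    return $findings;
}

foreach ( scan_log( sample_log() ) as $f ) {
    printf(
        "line %d %s: %s (%s) %s action=%s\n",
        $f['line'], $f['ts'], $f['user'], $f['role'], $f['method'], $f['action']
    );
}
```

Run with php on the command line. On the constructed input it reports the subscriber's delete and the contributor's settings read, and stays silent on the administrator's move and on the subscriber's unrelated heartbeat call, which is the distinction a working alert needs: plugin action plus low-privilege role, not either one alone. After the 8.2.4 update the same requests should instead show up as 403 responses from the plugin's capability checks.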
🔗 References
- https://plugins.trac.wordpress.org/browser/media-library-plus/trunk/media-library-plus.php
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3143036%40media-library-plus&new=3143036%40media-library-plus&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/fcc0fc00-b7d6-429c-9ab3-f08971c48777?source=cve