CVE-2026-2312
📋 TL;DR
The Media Library Folders WordPress plugin has an Insecure Direct Object Reference vulnerability that allows authenticated attackers with Author-level permissions to delete or rename other users' media attachments, including those owned by administrators. The rename function also deletes all metadata associated with the attachment, causing permanent data loss. This affects all WordPress sites using vulnerable versions of the plugin.
💻 Affected Systems
- Media Library Folders WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Malicious authors could delete critical media assets across the entire site, including administrator-owned content, potentially disrupting website functionality and causing permanent data loss.
Likely Case
Disgruntled or compromised authors deleting or renaming media files they shouldn't have access to, causing content management issues and data loss.
If Mitigated
Limited impact if proper user access controls and monitoring are in place, with only minor disruption to media library organization.
🎯 Exploit Status
Exploitation requires authenticated access with Author permissions or higher. The vulnerability is straightforward to exploit once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.3.7 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3459947/media-library-plus
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find Media Library Folders. 4. Click 'Update Now' if available. 5. Alternatively, download version 8.3.7+ from WordPress repository and manually update.
🔧 Temporary Workarounds
Disable Plugin
allTemporarily disable the Media Library Folders plugin until patched
wp plugin deactivate media-library-plus
Restrict User Roles
allLimit Author-level users or review/remove suspicious accounts
🧯 If You Can't Patch
- Implement strict user access controls and monitor Author-level user activities
- Regularly backup media library and implement change monitoring for media files
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Media Library Folders version. If version is 8.3.6 or lower, you are vulnerable.Check Version:
wp plugin get media-library-plus --field=versionVerify Fix Applied:
Verify plugin version is 8.3.7 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual delete/rename operations on media files by Author-level users
- Multiple media file modifications in short timeframes
Network Indicators:
- POST requests to wp-admin/admin-ajax.php with action parameters containing 'delete_maxgalleria_media' or 'maxgalleria_rename_image'
SIEM Query:
source="wordpress" AND (action="delete_maxgalleria_media" OR action="maxgalleria_rename_image")