以下是页面截图中的关键漏洞信息: CVE:CVE-2026-2312 CVSS Score:4.3 (Medium) Vulnerability Type:Missing Authorization Publicly Published:February 13, 2026 Last Updated:February 14, 2026 Affected Software:Media Library Folders plugin for WordPress - Software Slug: media-library-plus Affected Version:<= 8.3.6 Patched Version:8.3.7 Vulnerability Description:The Media Library Folders plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 8.3.6 via the delete_maxgalleria_media() and maxgalleria_rename_image() functions due to missing validation on a user-controlled key. Authenticated attackers with Author-level access and above can delete or rename attachments owned by other users, including administrators, and the rename flow also deletes all postmeta for the target attachment, causing data loss.