Browse all 4 CVE security advisories affecting Plugincraft. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Plugincraft develops WordPress plugins for enhancing website functionality, with a core use case of extending site capabilities through modular add-ons. Historically, their plugins have been vulnerable to multiple security classes, including remote code execution, cross-site scripting, and privilege escalation, contributing to their four recorded CVEs. Notable security characteristics include insufficient input validation and inadequate access controls in several plugins. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities suggests ongoing challenges in secure coding practices. Organizations using these plugins should implement strict input validation and maintain regular updates to mitigate potential risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-47144 | WordPress Mediamatic – Media Library Folders Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF) — Mediamatic – Media Library FoldersCWE-352 | 4.3 | Medium | 2023-05-25 |
| CVE-2022-47142 | WordPress Mediamatic – Media Library Folders Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF) — Mediamatic – Media Library FoldersCWE-352 | 4.3 | Medium | 2023-05-22 |
| CVE-2023-0294 | Mediamatic – Media Library Folders <= 2.8.1 - Cross-Site Request Forgery — Mediamatic – Media Library FoldersCWE-352 | 8.8 | High | 2023-01-13 |
| CVE-2023-0293 | Mediamatic – Media Library Folders <= 2.8.1 - Missing Authorization — Mediamatic – Media Library FoldersCWE-862 | 4.3 | Medium | 2023-01-13 |
This page lists every published CVE security advisory associated with Plugincraft. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.