CVE-2025-12038

by Fred · 01/11/2025

The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with Author-level access and above, to clear all data like terms and categories.

More information : https://plugins.trac.wordpress.org/changeset/3384176/folderly/trunk/includes/Rest#file0

CVE-2025-12038

Similar

Recent Posts

Categories

CVE-2025-12038

Share this:

Similar

Recent Posts

Categories

Tags