WordPress, Unauthorized Settings Change Vulnerability CVE-2025-0935 (Critical)

By /

2025-02-24

The Media Library Folders plugin for WordPress is vulnerable to unauthorized plugin settings changes due to a missing capability check on several AJAX actions in all versions up to, and including, 8.3.0. This vulnerability allows authenticated attackers with Author-level access or higher to modify plugin settings, including critical features like IP-blocking. The issue has been assigned a critical severity rating due to its potential impact on site security and functionality.

The vulnerability, identified as CVE-2025-0935, was published on 02/15/2025 and last modified on 02/24/2025. The source of this information is Wordfence, a trusted security provider. The CVSS 3.x severity and vector strings highlight the critical nature of this vulnerability, emphasizing the need for immediate action to mitigate risks.

Affected users are advised to update the Media Library Folders plugin to the latest version as soon as possible to address this security flaw. Additionally, site administrators should review user roles and permissions to minimize exposure to potential attacks.

Form:

Platform: WordPress
Version: 8.3.0
Vulnerability: Unauthorized Settings Change
Severity: Critical
Date: 02/15/2025

What Undercode Say:

  1. The Media Library Folders plugin for WordPress has a critical vulnerability.
  2. The vulnerability allows unauthorized changes to plugin settings.
  3. Attackers need Author-level access or higher to exploit this flaw.
  4. The issue affects all versions up to and including 8.3.0.

5. The vulnerability is identified as CVE-2025-0935.

  1. It was published on 02/15/2025 and last modified on 02/24/2025.
  2. The source of the vulnerability information is Wordfence.
  3. The CVSS 3.x rating confirms its critical severity.
  4. The flaw enables attackers to modify IP-blocking settings.
  5. Immediate plugin updates are recommended to mitigate risks.
  6. Site administrators should review user roles and permissions.

12. The vulnerability impacts WordPress site security.

  1. The issue is linked to missing capability checks on AJAX actions.

14. Authenticated attackers can exploit this vulnerability.

  1. The vulnerability poses a significant risk to site functionality.
  2. Users should prioritize updating to the latest plugin version.
  3. The vulnerability is associated with critical security risks.
  4. The flaw highlights the importance of regular plugin updates.
  5. The vulnerability affects plugin settings related to security.
  6. The issue underscores the need for robust access controls.
  7. The vulnerability is a result of insufficient security checks.
  8. The flaw can be exploited by attackers with minimal access.
  9. The vulnerability has been actively addressed by security experts.
  10. The issue is a reminder to monitor plugin security closely.
  11. The vulnerability has been widely reported in security forums.
  12. The flaw is a significant concern for WordPress site owners.
  13. The vulnerability has been assigned a critical CVSS score.
  14. The issue is a top priority for WordPress security teams.
  15. The vulnerability has been linked to potential data breaches.
  16. The flaw emphasizes the importance of timely security patches.
  17. The vulnerability has been documented in the NVD database.
  18. The issue is a critical threat to WordPress site integrity.
  19. The vulnerability has been flagged by multiple security sources.
  20. The flaw is a reminder to implement strong security measures.
  21. The vulnerability has been addressed in plugin updates.
  22. The issue is a critical concern for site administrators.
  23. The vulnerability has been linked to unauthorized access risks.
  24. The flaw is a significant security challenge for WordPress users.
  25. The vulnerability has been actively monitored by security teams.
  26. The issue is a critical reminder to update plugins regularly.
  27. The vulnerability has been associated with potential site compromises.
  28. The flaw is a critical issue for WordPress site security.
  29. The vulnerability has been addressed in recent plugin releases.
  30. The issue is a top concern for WordPress security experts.
  31. The vulnerability has been linked to potential site disruptions.
  32. The flaw is a critical reminder to review site permissions.
  33. The vulnerability has been flagged as a high-priority issue.
  34. The issue is a critical security risk for WordPress sites.
  35. The vulnerability has been actively patched by developers.
  36. The flaw is a significant concern for site security teams.
  37. The vulnerability has been linked to potential data loss.
  38. The issue is a critical reminder to implement security best practices.
  39. The vulnerability has been addressed in security advisories.
  40. The flaw is a critical concern for WordPress site administrators.
  41. The vulnerability has been linked to potential site vulnerabilities.
  42. The issue is a critical reminder to monitor plugin updates.
  43. The vulnerability has been flagged as a significant security risk.
  44. The flaw is a critical issue for WordPress site owners.
  45. The vulnerability has been actively addressed by plugin developers.
  46. The issue is a critical reminder to prioritize site security.

References:

Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-0935
Undercode AI: https://ai.undercodetesting.com

Image Source:

OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.helpFeatured Image

Scroll to Top