| CVE-2025-12640 | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager <= 3.1.5 - Missing Authorization to Authenticated (Author+) Media Replacement | premio | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager | Medium | 4.3 | 2026-01-08 02:21:17 | Deep Dive |
| CVE-2025-12900 | FileBird – WordPress Media Library Folders & File Manager <= 6.5.1 - Missing Authorization to Authenticated (Author+) Global Folders Tampering | ninjateam | FileBird – WordPress Media Library Folders & File Manager | Medium | 4.3 | 2025-12-15 14:25:11 | Deep Dive |
| CVE-2025-12971 | Folders <= 3.1.5 - Incorrect Authorization to Authenticated (Contributor+) Folder Content Manipulation | premio | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager | Medium | 4.3 | 2025-11-27 12:31:01 | Deep Dive |
| CVE-2025-11510 | FileBird <= 6.4.9 - Improper Authorization to Authenticated (Author+) Settings Reset | ninjateam | FileBird – WordPress Media Library Folders & File Manager | Medium | 4.3 | 2025-10-18 06:42:47 | Deep Dive |
| CVE-2025-0818 | Multiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File Deletion | ninjateam | File Manager Pro – Filester | Medium | 6.5 | 2025-08-13 03:42:05 | Deep Dive |
| CVE-2025-6986 | FileBird – WordPress Media Library Folders & File Manager <= 6.4.8 - Authenticated (Author+) SQL Injection | ninjateam | FileBird – WordPress Media Library Folders & File Manager | Medium | 6.5 | 2025-08-06 01:45:13 | Deep Dive |
| CVE-2024-13805 | Advanced File Manager <= 5.2.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload | saadiqbal | Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution | Medium | 6.4 | 2025-03-07 09:21:14 | Deep Dive |
| CVE-2024-13333 | Advanced File Manager 5.2.12 - 5.2.13 - Authenticated (Subscriber+) Arbitrary File Upload | saadiqbal | Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin | High | 7.5 | 2025-01-17 05:29:27 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-7317 | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG File Upload | premio | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager | Medium | 6.4 | 2024-08-06 10:59:36 | Deep Dive |
| CVE-2024-2023 | Folders <= 3.0 and Folders Pro <= 3.0.2 - Directory Traversal via handle_folders_file_upload | premio | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager | Medium | 4.3 | 2024-06-14 12:50:56 | Deep Dive |
| CVE-2024-3868 | Folders Pro <= 3.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User First Name and Last Name | premio | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager | Medium | 5.4 | 2024-05-04 02:31:35 | Deep Dive |
| CVE-2024-2328 | Real Media Library <= 4.22.11 - Authenticated (Author+) Stored Cross-Site Scripting | devowl | Real Media Library: Media Library Folder & File Manager | Medium | 6.4 | 2024-05-02 16:52:43 | Deep Dive |
| CVE-2024-2346 | FileBird – WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Insecure Direct Object Reference | ninjateam | FileBird – WordPress Media Library Folders & File Manager | Medium | 5.4 | 2024-05-02 16:52:19 | Deep Dive |
| CVE-2024-2345 | FileBird – WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Stored Cross-Site Scripting | ninjateam | FileBird – WordPress Media Library Folders & File Manager | Medium | 6.4 | 2024-05-02 16:51:47 | Deep Dive |
| CVE-2024-2027 | Real Media Library: Media Library Folder & File Manager <= 4.22.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | devowl | Real Media Library: Media Library Folder & File Manager | Medium | 6.4 | 2024-04-09 18:58:53 | Deep Dive |
| CVE-2024-0385 | Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxAddCategory | frenify | Categorify – WordPress Media Library Category & File Manager | Medium | 4.3 | 2024-03-13 15:26:36 | Deep Dive |
| CVE-2024-1650 | Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxRenameCategory | frenify | Categorify – WordPress Media Library Category & File Manager | Medium | 4.3 | 2024-02-27 11:05:11 | Deep Dive |
| CVE-2024-1910 | Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxClearCategory | frenify | Categorify – WordPress Media Library Category & File Manager | Medium | 4.3 | 2024-02-27 11:05:10 | Deep Dive |
| CVE-2024-1649 | Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxDeleteCategory | frenify | Categorify – WordPress Media Library Category & File Manager | Medium | 4.3 | 2024-02-27 11:05:10 | Deep Dive |