Plugin Vulnerability Hub
Plugin | 7 known issues | Latest disclosed: Jan 07, 2026

Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager Vulnerabilities

Review known vulnerability records for the WordPress plugin Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager (`folders`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-12640, CVE-2025-12971 and CVE-2024-7317, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 7
High or Critical: 2
Patch Coverage: 100%
Last Updated: Jan 08, 2026

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 7 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 0 critical and 2 high severity findings.
Recent CVEs: CVE-2025-12640, CVE-2025-12971 and CVE-2024-7317
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Known Vulnerabilities

Reports for Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager

Sorted by latest disclosure date so newly published issues surface first.

Plugin | Severity: Medium | Patched: Yes | CVE-2025-12640
Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager <= 3.1.5 - Missing Authorization to Authenticated (Author+) Media Replacement

The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Replacement in all versions up to, and including, 3.1.5. This is due to missing object-level authorization checks in the...

Published: Jan 07, 2026
Patched Release: 3.1.6
Affected Versions: Versions up to 3.1.5
Next Step: Update to 3.1.6 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2025-12971
Folders <= 3.1.5 - Incorrect Authorization to Authenticated (Contributor+) Folder Content Manipulation

The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'wcp_change_post_folder' function in all versions up to, and includi...

Published: Nov 26, 2025
Patched Release: 3.1.6
Affected Versions: Versions up to 3.1.5
Next Step: Update to 3.1.6 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-7317
Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG File Upload

The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escapi...

Published: Aug 05, 2024
Patched Release: 3.0.4
Affected Versions: Versions up to 3.0.3
Next Step: Update to 3.0.4 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-2023
Folders <= 3.0 and Folders Pro <= 3.0.2 - Directory Traversal via handle_folders_file_upload

The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated attackers, with author acces...

Published: Jun 13, 2024
Patched Release: 3.0.1
Affected Versions: Versions up to 3.0
Next Step: Update to 3.0.1 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-3868
Folders Pro <= 3.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User First Name and Last Name

The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

Published: May 03, 2024
Patched Release: 3.0.3
Affected Versions: Versions up to 3.0.2
Next Step: Update to 3.0.3 or newer if supported.

Plugin | Severity: High | Patched: Yes | CVE-2023-40204
Folders <= 2.9.2 - Authenticated (Author+) Arbitrary File Upload in handle_folders_file_upload

The Folders plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_folders_file_upload function in versions up to, and including, 2.9.2. This makes it possible for authenticated attackers, with author-level permissions or ab...

Published: Aug 28, 2023
Patched Release: 2.9.3
Affected Versions: Versions up to 2.9.2
Next Step: Update to 2.9.3 or newer if supported.

Plugin | Severity: High | Patched: Yes
Folders <= 2.9.2 - Authenticated (Author+) Arbitrary File Upload

The Folders plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_folders_file_upload function in versions up to, and including, 2.9.2. This makes it possible for authors or higher to upload arbitrary files on the affected...

Published: Aug 25, 2023
Patched Release: 2.9.3
Affected Versions: Versions before 2.9.3
Next Step: Update to 2.9.3 or newer if supported.