🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wicked Folders

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Wicked Folders

Information

Software Type	Plugin
Software Slug	wicked-folders (view on wordpress.org)
Software Status	Active
Software Author	wickedplugins
Software Website	wickedplugins.com
Software Downloads	463,328
Software Active Installs	20,000
Software Record Last Updated	April 25, 2024

Showing 1-20 of 21 Vulnerabilities

Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_folder_order

5.4

CVE-2023-0720

Feb 7, 2023

Researcher: Marco Wotschka

Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_edit_folder

5.4

CVE-2023-0726

Feb 7, 2023

Researcher: Marco Wotschka

Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_state

5.4

CVE-2023-0722

Feb 7, 2023

Researcher: Marco Wotschka

Wicked Folders <= 2.18.16 - Missing Authorization on ajax_clone_folder

5.4

CVE-2023-0715

Feb 7, 2023

Researcher: Marco Wotschka

Wicked Folders <= 2.18.16 - Missing Authorization via ajax_save_state

5.4

CVE-2023-0711

Feb 7, 2023

Researcher: Marco Wotschka

Wicked Folders <= 2.18.16 - Missing Authorization via ajax_delete_folder

5.4

CVE-2023-0717

Feb 7, 2023

Researcher: Marco Wotschka

Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_sort_order

5.4

CVE-2023-0729

Feb 7, 2023

Researcher: Marco Wotschka

Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_clone_folder

5.4

CVE-2023-0725

Feb 7, 2023

Researcher: Marco Wotschka

Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_add_folder

5.4

CVE-2023-0724

Feb 7, 2023

Researcher: Marco Wotschka

Wicked Folders <= 2.18.16 - Missing Authorization on ajax_edit_folder

5.4

CVE-2023-0716

Feb 7, 2023

Researcher: Marco Wotschka

Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_folder

5.4

CVE-2023-0718

Feb 7, 2023

Researcher: Marco Wotschka

Wicked Folders <= 2.18.16 - Cross-Site Request Forgery on ajax_move_object

5.4

CVE-2023-0723

Feb 7, 2023

Researcher: Marco Wotschka

Wicked Folders <= 2.18.16 - Missing Authorization on ajax_move_object

5.4

CVE-2023-0712

Feb 7, 2023

Researcher: Marco Wotschka

Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_sort_order

5.4

CVE-2023-0719

Feb 7, 2023

Researcher: Marco Wotschka

Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_folder_order

5.4

CVE-2023-0730

Feb 7, 2023

Researcher: Marco Wotschka

Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_delete_folder

5.4

CVE-2023-0727

Feb 7, 2023

Researcher: Marco Wotschka

Wicked Folders <= 2.18.16 - Cross-Site Request Forgery on ajax_save_folder

5.4

CVE-2023-0728

Feb 7, 2023

Researcher: Marco Wotschka

Wicked Folders <= 2.18.16 - Missing Authorization on ajax_add_folder

5.4

CVE-2023-0713

Feb 7, 2023

Researcher: Marco Wotschka

Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_unassign_folders

5.4

CVE-2023-0685

Feb 6, 2023

Researcher: Marco Wotschka

Wicked Folders <= 2.18.16 - Missing Authorization via ajax_unassign_folders

5.4

CVE-2023-0684

Feb 6, 2023

Researcher: Marco Wotschka

Title	CVE ID	CVSS	Researchers	Date
Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_folder_order	CVE-2023-0720	5.4	Marco Wotschka	February 7, 2023
Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_edit_folder	CVE-2023-0726	5.4	Marco Wotschka	February 7, 2023
Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_state	CVE-2023-0722	5.4	Marco Wotschka	February 7, 2023
Wicked Folders <= 2.18.16 - Missing Authorization on ajax_clone_folder	CVE-2023-0715	5.4	Marco Wotschka	February 7, 2023
Wicked Folders <= 2.18.16 - Missing Authorization via ajax_save_state	CVE-2023-0711	5.4	Marco Wotschka	February 7, 2023
Wicked Folders <= 2.18.16 - Missing Authorization via ajax_delete_folder	CVE-2023-0717	5.4	Marco Wotschka	February 7, 2023
Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_sort_order	CVE-2023-0729	5.4	Marco Wotschka	February 7, 2023
Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_clone_folder	CVE-2023-0725	5.4	Marco Wotschka	February 7, 2023
Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_add_folder	CVE-2023-0724	5.4	Marco Wotschka	February 7, 2023
Wicked Folders <= 2.18.16 - Missing Authorization on ajax_edit_folder	CVE-2023-0716	5.4	Marco Wotschka	February 7, 2023
Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_folder	CVE-2023-0718	5.4	Marco Wotschka	February 7, 2023
Wicked Folders <= 2.18.16 - Cross-Site Request Forgery on ajax_move_object	CVE-2023-0723	5.4	Marco Wotschka	February 7, 2023
Wicked Folders <= 2.18.16 - Missing Authorization on ajax_move_object	CVE-2023-0712	5.4	Marco Wotschka	February 7, 2023
Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_sort_order	CVE-2023-0719	5.4	Marco Wotschka	February 7, 2023
Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_folder_order	CVE-2023-0730	5.4	Marco Wotschka	February 7, 2023
Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_delete_folder	CVE-2023-0727	5.4	Marco Wotschka	February 7, 2023
Wicked Folders <= 2.18.16 - Cross-Site Request Forgery on ajax_save_folder	CVE-2023-0728	5.4	Marco Wotschka	February 7, 2023
Wicked Folders <= 2.18.16 - Missing Authorization on ajax_add_folder	CVE-2023-0713	5.4	Marco Wotschka	February 7, 2023
Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_unassign_folders	CVE-2023-0685	5.4	Marco Wotschka	February 6, 2023
Wicked Folders <= 2.18.16 - Missing Authorization via ajax_unassign_folders	CVE-2023-0684	5.4	Marco Wotschka	February 6, 2023

1
2
›
»

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.