← Back

Wickedplugins

wickedplugins

21 CVEs • 1 product

Products (1)

Click to collapse
Toggle

CVEs (21)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Wickedplugins
1Wicked Folders
Jun 17, 2026
Feb 1, 2022
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available to any authenticated...Show more
The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available to any authenticated user. leading to an SQL injectionShow less