Primary

Context

Folderly WordPress Plugin Unauthorized Data Modification Vulnerability

Vulnerability

A vulnerability exists in the Folderly plugin for WordPress, allowing unauthorized data modification. This issue arises from an inadequate capability check on the '/wp-json/folderly/v1/config/clear-all-data' REST API endpoint, affecting all versions up to and including 0.3. The flaw enables authenticated attackers with Author-level access or higher to delete all data, including terms and categories.

Impact

Exploitation of this vulnerability allows for unauthorized deletion of terms and categories by authenticated users with Author-level access or higher.

Remediation

Users can update to version 0.3.1 or a newer patched version to address this vulnerability.

Added: Nov 1, 2025, 6:18 AM

Updated: Nov 1, 2025, 6:18 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.9

remediation

7.7

relevance

0.9

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.9

remediation

7.7

relevance

0.9

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Folderly WordPress Plugin Unauthorized Data Modification Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating