Folders Pro

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:premio:folders_pro:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorPremio (ffbffa26-97c5-5523-adc1-961519880378)
ProductFolders Pro (1fd762d2-4757-5275-ab62-b91f2fc85c92)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-2024 vulnerable 2026-06-03 14:55:28.182897 Folders Pro <= 3.0.2 - Authenticated(Author+) Arbitrary File Upload via handle_folders_file_upload
HIGH (8.8)
The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Published: 2024-06-14T12:51:02.731Z
Updated: 2026-04-08T17:34:19.521Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2023 vulnerable 2026-06-03 14:55:28.180049 Folders <= 3.0 and Folders Pro <= 3.0.2 - Directory Traversal via handle_folders_file_upload
MEDIUM (4.3)
The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated attackers, with author access and above, to upload files to arbitrary locations on the server.
Published: 2024-06-14T12:50:56.493Z
Updated: 2026-04-08T17:17:04.662Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.