CVE-2025-28948

EUVD-2025-17166 | HIGH | 2025-06-06 | [email protected] | CVSS 3.1 base score 7.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 - 18:10 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 18:10 (euvd), EUVD-2025-17166
CVE Published: Jun 06, 2025 - 13:15 (nvd), HIGH 7.1

Description

Cross-Site Request Forgery (CSRF) vulnerability in codedraft Mediabay - WordPress Media Library Folders allows Reflected XSS. This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4.

Analysis

This is a Cross-Site Request Forgery (CSRF) vulnerability in the codedraft Mediabay WordPress plugin (versions up to 1.4) that also enables reflected XSS. The flaw is reachable over the network and the attacker needs no account of their own; what they need is an authenticated user who opens a crafted link or page (UI:R), after which the forged request performs actions on that user's behalf and can inject script into the response. Any WordPress installation with this media library plugin active is affected. The CVSS 7.1 score and the absence of KEV or active-exploitation data suggest moderate real-world risk, tempered by the required user interaction.

Technical Context

The vulnerability exists in the Mediabay - WordPress Media Library Folders plugin, which extends WordPress's native media management capabilities. The underlying issue is a CSRF weakness (CWE-352): the plugin does not validate an anti-CSRF token (such as a WordPress nonce) before processing state-changing requests. An attacker can therefore craft a cross-origin request that, when an authenticated WordPress administrator or user visits the attacker's page, is sent with that user's session cookies and executed within the plugin's context. The reflected XSS component indicates that request input is echoed into the HTTP response without sanitization or output encoding, so the same forged request can also deliver script to the victim's browser, compounding the attack surface. The plugin integrates directly with WordPress's media library infrastructure (likely wp-admin AJAX handlers or media upload/folder management endpoints), which makes administrative users the primary targets.

Affected Products

Product: Mediabay - WordPress Media Library Folders by codedraft
Affected versions: 1.4 and earlier (no lower bound specified, indicating all known versions through 1.4 are vulnerable)
Platform: WordPress
Architecture: PHP-based plugin
CPE: no specific CPE string provided in source data; implied CPE pattern cpe:2.3:a:codedraft:mediabay:*:*:*:*:*:wordpress:*:* (versions ≤1.4)
Deployment context: WordPress sites with the plugin active and users with administrative or editorial roles

Remediation

Immediate actions:
(1) Update the Mediabay plugin to version 1.5 or later when available; vendors typically address CSRF via nonce implementation and XSS via output sanitization.
(2) Review the plugin changelog/vendor advisory (codedraft) for confirmation of patch scope.
(3) Verify the successful update in wp-admin > Plugins.
(4) Monitor for suspicious media library activity in WordPress logs.

Interim mitigations if a patch is unavailable:
(a) Disable the plugin temporarily via wp-cli or wp-admin if it is not mission-critical.
(b) Restrict plugin access via role-based capabilities.
(c) Implement network-level CSRF protections (SameSite cookie attributes enforced at server level).
(d) Educate administrators against clicking untrusted links while logged into WordPress.
(e) Apply WordPress security hardening (disable file editing, restrict admin access by IP if feasible).

Contact codedraft directly for a patch ETA if version 1.5+ is not immediately available.
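To make the two defects described under Technical Context and the nonce/escaping fixes listed under Remediation concrete, here is an added illustrative PHP snippet written for this page; it is not code from the Mediabay plugin or from codedraft, and the hypothetical action names, script handle and `folder` parameter are assumptions. It shows a hypothetical admin-ajax folder-rename handler that lacks a nonce check and echoes its input unescaped, followed by the hardened form using WordPress's nonce, capability and escaping APIs.

```php
<?php
// Hypothetical WordPress admin-ajax handler, illustrative only (NOT the Mediabay plugin's code).
// "Before": no capability or nonce check (CWE-352), and the folder name is echoed back
// unescaped, so a forged cross-origin request both changes state and reflects markup.
add_action('wp_ajax_example_rename_folder_vulnerable', function () {
    $name = $_REQUEST['folder'] ?? '';
    // ... state change happens here with no proof the request came from the plugin's own UI ...
    echo '<p>Renamed folder to ' . $name . '</p>'; // attacker-controlled markup reaches the admin's browser
    wp_die();
});

// "After": capability check, nonce verification, input sanitization and output escaping.
add_action('wp_ajax_example_rename_folder', function () {
    // Only users who may manage media can reach the state change at all.
    if (!current_user_can('upload_files')) {
        wp_send_json_error('forbidden', 403);
    }
    // Rejects any request lacking a valid nonce for this action (dies with -1 on failure).
    // A page on another origin cannot read the nonce, so it cannot forge the request.
    check_ajax_referer('example_rename_folder', 'nonce');

    $name = sanitize_text_field(wp_unslash($_POST['folder'] ?? ''));
    if ($name === '') {
        wp_send_json_error('empty folder name', 400);
    }
    // ... perform the state change ...
    // Escape before reflecting the value so it is rendered as text, never as markup.
    wp_send_json_success(['message' => sprintf('Renamed folder to %s', esc_html($name))]);
});

// The nonce is issued to the plugin's own admin page and sent with each request by its script.
add_action('admin_enqueue_scripts', function () {
    wp_enqueue_script('example-mediabay-ui', plugins_url('ui.js', __FILE__), ['jquery'], '1.0', true);
    wp_localize_script('example-mediabay-ui', 'exampleMediabay', [
        'ajaxUrl' => admin_url('admin-ajax.php'),
        'nonce'   => wp_create_nonce('example_rename_folder'),
    ]);
});
```

When reviewing a plugin for this class of bug, look for `wp_ajax_*` and `admin_post_*` handlers that reach a state change without passing through `check_ajax_referer`, `check_admin_referer` or `wp_verify_nonce`, and for request values that reach `echo` or a JSON message without an `esc_*` call.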

Priority Score

Priority Score: 36 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.0
CVSS: +36
POC: 0
