N/A
2026-03-14< 4.1.1
Wicked Folders <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion
Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types
Minimum safe version
4.1.1
Update to 4.1.1 or later to address 22 fixable vulnerabilities
Latest available4.1.2 ✓
Medium 4.3
2023-06-09< 2.18.17
CVE-2023-0729
Medium 4.3
2023-02-08< 2.18.17
CVE-2023-0726
Medium 4.3
2023-02-08< 2.18.17
CVE-2023-0725
Medium 4.3
2023-02-08< 2.18.17
CVE-2023-0716
Medium 4.3
2023-02-08< 2.18.17
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)
Medium 4.3
2023-02-08< 2.18.17
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control
Medium 4.3
2023-02-08< 2.18.17
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control
Medium 4.3
2023-02-08< 2.18.17
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control
Medium 4.3
2023-02-08< 2.18.17
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)
Medium 4.3
2023-02-08< 2.18.17
CVE-2023-0722
Medium 4.3
2023-02-08< 2.18.17
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)
Medium 4.3
2023-02-08< 2.18.17
CVE-2023-0685
Medium 4.3
2023-02-08< 2.18.17
CVE-2023-0684
Medium 4.3
2023-02-08< 2.18.17
CVE-2023-0720
Medium 4.3
2023-02-08< 2.18.17
CVE-2023-0724
Medium 4.3
2023-02-08< 2.18.17
CVE-2023-0717
Medium 4.3
2023-02-08< 2.18.17
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control
Medium 4.3
2023-02-08< 2.18.17
CVE-2023-0711
Medium 4.3
2023-02-08< 2.18.17
CVE-2023-0715
Medium 4.3
2023-02-08< 2.18.17
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)
High 8.8
2022-02-01< 2.8.10
CVE-2021-24919