The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated attackers, with author access and above, to upload files to arbitrary locations on the server.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| premio | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager | unaffected |
|
||||||
| Premio | Folders Pro | unaffected |
|
No data.
No data.
No data.
Project Subscriptions
No data.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2024-26993 | The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated attackers, with author access and above, to upload files to arbitrary locations on the server. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 08 Apr 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-22 |
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-04-08T17:17:04.662Z
Reserved: 2024-02-29T17:11:37.666Z
Link: CVE-2024-2023
Vulnrichment
Updated: 2024-08-01T18:56:22.631Z
NVD
Status : Awaiting Analysis
Published: 2024-06-14T13:15:50.960
Modified: 2026-04-08T19:20:57.660
Link: CVE-2024-2023
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses