Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-41634: Media Library Folders

Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress.

CVE
#sql#csrf#vulnerability#web#mac#windows#js#java#wordpress#php#pdf#ssl
  • Details
  • Reviews
  • Installation
  • Development

Media Library Folders for WordPress creates actual folders in your WordPress Media Library:

  • Actual folders make it easier to organize your WordPress media library while reducing server burden.
  • Add and build new Media library folders to label and organize as you wish instead of just month/date.
  • Move, copy, rename and delete files and folders with a nice drag and drop interface
  • Regenerate thumbnails.
  • SEO Images to specify ALT and TITLE attributes when uploading.
  • Sync folders/files when moving or uploading a folder via FTP.
  • Create a MaxGalleria gallery.

MLF adds to and works with the functionality of WordPress Media Library. It does not replace it.

Just what I was looking for! I use this on ALL my WordPress sites. I don’t know why you wouldn’t. It not only allows you to organize your image files in your WP site, but it also creates logical URL links to your files based on the folders you create and the name of the image file. So great! No more random numbers for image URL’s.

Great for organization and better media! WordPress’s default media folders didn’t work for us on a project with strict requirements on organizing their uploaded files. We had trouble finding a low-impact solution that fulfilled all requirements.

Media Library Plus solved all our issues, and we’ve been using it on a major site with 11 custom post types, hundreds of media files, and tons of other plugins/customizations — zero issues and exactly what we need!

MLP performs beautifully and provides great media management features and functionality! To make matters even better support is extremely fast and responsive to inquiries. Great stuff!

Media Library Folders Pro for WordPress

Media Library Folders Pro for WordPress lets you:

  • Select and add images to your posts and pages from the editor through MLFs integration
  • Organize your media library folders with categories
  • Enhanced Media Library and Media Library Folders Pro categories are interchangeable
  • Create new MaxGalleria and NextGEN Galleries directly from your MLF folders
  • Supports Advanced Custom Fields
  • Use File Name View Mode for finding images in very large folders
  • Add images to a WooCommerce product gallery
  • Multi site supported

Using Media Library Folders for WordPress

To get started download and install the Media Library Folders for WordPress plugin. Once Media Library Folders for WordPress is activated you will see Media Library Folders for WordPress in the WordPress dashboard menu. And you are ready to go watch our super helpful intro video!

When you click on Media Library Folders for WordPress it displays the contents of the uploads folder where you will see the level folders such as ‘2016’, ‘2015’.
We assume your site has the WordPress Media Library setting option ‘Organize my uploads into month- and year-based folders’ selected. To view the contents of a folder, click on the folder image. To navigate up in the folder structure click on the links in the Location: breadcrumb string.

Clicking an image will take you to the image attachment details page. If you close that page when you are done you will be in the old media library. Instead click your browser’s go back button twice and you will be taken back to the folder page.

We also have an article on How to Sync your WordPress Media Library with FTP Folders if you have a large number of images.

Button Bar

The Button Bar provides the main functionality to manage folders and files and is located below the breadcrumbs navigation. When the mouse hovers over a button its function is displayed in the message area below the button bar.

File/Folder Organizing Buttons

Clicking the Add File button displays the upload box.

Here you can select a single file to upload one or more files by dragging the image from the file manager and dropping them in the upload box. Uploaded files will be added to the current folder.

New Folder – Allows you to create a new folder in the current directory.
Move/Copy Toggle – Set the mode for drag and dropping of files. Individual files can be move or copied to another folder by dragging and dropping the file into the desired folder. Multi files can be selected by click each file’s checkbox. Links in post and pages and feature image links are automatically updated when files are moved.
Rename – Rename a file in the current directory. Folders cannot be renamed.
Delete – The delete function let you delete select files. To delete a folder, Right click over a folder and click the menu the appears. A folder must be empty before it can be deleted.
Select/Unselect – Select or unselect all files in the current directory.
Sync – Checks the folder on the server for any files not listed in the Media Library and adds them to the Library.
Sort by Date/Sort by Name – changes the display order of items in the current directory; either by name or by date.
Search – Users can search for a file or folder by typing in the name of the file in the search box and pressing Enter.

The search results page will display files and/or folders that are similar to the search text. You can click on an image or file to go to its folder or click on a folder view its contents.

In the event that you need to rescan your database’s image and folder data the Media Library Folders for WordPress Reset plugin has been included. To use deactivate Media Library Folders for WordPress, activate Media Library Folders for WordPress Reset and select Media Library Folders for WordPress Reset->Reset Database to erase the folder data. Then deactivate Media Library Folders for WordPress Reset and reactivate Media Library Folders for WordPress. MLF will perform a fresh scan of your database.

Regenerate Thumbnails

To start select one or more images from the main dashboard and click the ‘Regenerate Thumbnails’ button. To regenerate all the thumbnails on your site go the the Regenerate Thumbnails page of MLP and click the ‘Regenerate Thumbnails’ button. MLF will then process all of the images with an process indicator as it works on your job.

Image SEO

When Image SEO is enabled Media Library Folders for WordPress automatically adds ALT and Title attributes with the default settings defined below to all your images as they are uploaded. You can easily override the Image SEO default settings when you are uploading new images.

Working with images and galleries after initial setup

Media Library Folders for WordPress is a stand along plugin that contains an integration with MaxGalleria. With MLF you can add your images to MaxGalleria with a click of a button.

For automatic installation:

  1. Login to your website and go to the Plugins section of your admin panel.
  2. Click the Add New button.
  3. Under Install Plugins, click the Upload link.
  4. Select the plugin zip file from your computer then click the Install Now button.
  5. You should see a message stating that the plugin was installed successfully.
  6. Click the Activate Plugin link.

For manual installation:

  1. You should have access to the server where WordPress is installed. If you don’t, see your system administrator.
  2. Copy the plugin zip file up to your server and unzip it somewhere on the file system.
  3. Copy the “media-library-extended” folder into the /wp-content/plugins directory of your WordPress installation.
  4. Login to your website and go to the Plugins section of your admin panel.
  5. Look for “Media Library Folders for WordPress” and click Activate.

Folder Tree Not Loading

Users who report this issue can usually fix it by running the Media Library Folders Reset plugin that comes with Media Library Folders.

  1. First make sure you have installed the latest version of Media Library Folders.
  2. Deactivate Media Library Folders and activate Media Library Folders Reset and run the Reset Database option from the Media Library Folders Reset sub menu in the dashboard.
  3. After that, reactivate Media Library Folders. It will do a fresh scan of your media library database and no changes will be made to the files or folders on your site.

How to Unhide a Hidden Folder

  1. Go to the hidden folder via your cPanel or FTP and remove the file ‘mlpp-hidden’.
  2. In the Media Library Folders Menu, click the Check for New folders link. This will add the folder back into Media Library Folders
  3. Visit the unhidden folder in Media Library Folders and click the Sync button to add contents of the folder. Before doing this, check to see that there are no thumbnail images in the current folder since these will be regenerated automatically; these usually have file names such as image-name-150×150.jpg, etc.
  4. Repeat step 3 for each sub folder.

Folders and images added to the site by FTP are not showing up in Media Library Folders

Media Library Folders does not work like the file manager on your computer. It only display images and folders that have been added to the Media Library database. To display new folders that have not been added through the Media Library Folders you can click the Check for new folders option in the Media Library Folders submenu in the WordPress Dashboard. If you allow WordPress to store images by year and month folders, then you should click the option once each month to add these auto-generated folders.

To add images that were upload to the site via the cPanel or by FTP, navigate to the folder containing the images in Media Library Folders and click the Sync button. This will scan the folder looking images not currently found in the Media Library for that folder. The Sync function only scans the current folder. If there are subfolders, you will need to individually sync them.

Folders Loads Indefinitely

This happens when a parent folder is missing from the folder data. To fix this you will need to perform a reset of the Media Library Folders database. To do this, deactivate Media Library Folders and activate Media Library Folders Reset and select the Reset Database option. Once the reset has completed, reactivate Media Library Folders and it will do a fresh scan of the Media Library data.

Unable to Insert files from Media Library Folders into Posts or Pages

For inserting images and files into posts and pages you will have to use the existing Media Library. The ability to insert items from the Media Library Folders user interface is only available in Media Library Folders Pro. This does not mean you cannot insert files added to Media Library Folders into any WordPress posts or pages. Media Library Folders adds a folder user interface and file operations to the existing media library and it does not add a second media library. Since all the images are in the same media library there is no obstacle to inserting them anywhere WordPress allows media files to be inserted. There is just no folder tree available in the media library insert window for locating images in a particular folder. We chose to include the folder tree for inserting images in posts and page in the Pro version along with other features in order to fund the cost of providing free technical support and continued development of the plugin.

Unable to Update Media Library Folders Reset

Media Library Folders Reset is maintenance and diagnostic plugin that is included with Media Library Folders. It automatically updates when Media Library Folders is updated. There is no need to updated it separately. Users should leave the reset plugin deactivated until it is needed in order to avoid accidentally deleting your site’s folder data.

Images Not Found After Changing the Location of Uploads Folder

If you change the location of the uploads folder, your existing files and images will not be moved to the new location. You will need to delete them from media library and upload them again. Also you will need to perform a reset of the Media Library Folders database. To do this, deactivate Media Library Folders and activate Media Library Folders Reset and select the Reset Database option. Once the reset has completed, reactivate Media Library Folders and it will do a fresh scan of the Media Library data.

Difficulties Uploading or Dragging and Dropping a Large Number of Files

Limitations on web server processing time may cause dragging and dropping a large number of files to fail. An error is generated when it takes to longer then 30 seconds to move, copy or upload files. This time limitation can be increased by changing the max_execution_time setting in your site’s php.ini file.

How to Delete a Folder?

To delete a folder, right click (Ctrl-click with Macs) on a folder. A popup menu will appear with the options, ‘Delete this folder?’ and ‘Hide this folder?’. Click the delete option.

Fatal error: Maximum execution time exceeded

The Maximum execution time error takes place when moving, syncing or uploading too many files at one time. The web site’s server has a setting for how long it can be busy with a task. Depending on your server, size of files and the transmission speed of your internet, you may need to reduce the number of files you upload or move at one time.

It is possible to change the maximum execution time either with a plugin such as WP Maximum Execution Time Exceeded or by editing your site’s .htaccess file and adding this line:

php_value max_execution_time 300

Which will raise the maximum execution time to five minutes.

How to Upload Multiple Files

Users can upload multiple files by using drag and drop. When the Add Files button is click it revels the file upload area either single or multiple files can be highlight can be dragged from you computer’s file manager and dropped into the file uploads areas.

Cannot Rename or Move a Folder

Because most images and files in the media library have corresponding links embedded in site’s posts and pages, Media Library Folders does not allow folders to be rename or moved in order to prevent breaking these links. Rather, to rename or move a folder, one needs to create a new folder and move the files from the old folder to the new. During the move process, Media Library Folders will scan the sites standard posts and pages for any links matching the old address of the images or files and update them to the new address.

Tried many plugins and this one was the best. Period.

Works perfect and is easy to use. Exactly what I was looking for. Thanks!

Bringt die Übersicht, die ich benötige.

まさに欲しかったプラグインでした。 ありがとうございました。

Großartiges Plugin mit vielen Einstellungsmöglichkeiten. Unablässlich bei umfangreichen Bilddateien.

Read all 455 reviews

“Media Library Folders” is open source software. The following people have contributed to this plugin.

Contributors

8.0.4

  • Renamed label for fontawesome to fix problem loading icons when older versions of fontawesome are in use on a site

8.0.3

  • Tested with WordPress 6.1

8.0.2

  • Fixed links on pages with a single tab

8.0.1

  • Updated upgrade to pro images
  • Improved mobile CSS
  • Fixed issue with moving files to the uploads folder

8.0.0

  • Implemented new user interface
  • Added optional postmeta database index which is available in the plugin settings

7.1.2

  • Added code to use a nonce when running the folder data reset process for better security
  • Updated the folder data reset instructions

7.1.1

  • Tested with WordPress 6.0
  • Removed debugging code

7.1.0

  • Added code to remove dashes from alt text file names
  • Added strict checking to array search when updating customzer settings
  • Added code to sanitize input and output
  • Fixed issue with adding images in the uploads folder when initializing the plugin

7.0.8

  • Fixed issue with scanning unreadable folders

7.0.7

  • Added function to remove hidden files when deleting a folder

7.0.4

  • Fixed issue with deleting attachment posts

7.0.3

  • Modified the size and offset of the drag and drop ghost image

7.0.2

  • Renamed Sort by Name to Sort by Title as the sorting is actually done on the attachment title field
  • Tested with WP 5.8

7.0.0

  • Updated the Upgrade to Pro page

6.1.5

  • Added warning that folder contents will be removed from the database when a folder is hidden
  • Fixed warning about missing ‘now’ variable
  • Added a search button
  • Removed object response warning
  • Added function to remove existing thumbnail images when thumbnails are regenerated

6.1.3

  • Updated the Upgrade to Pro page
  • Added review notice
  • Added code to set the number of files to display on the Media Library Folders page

6.1.2

  • Updated the jQuery functions for WordPress 5.7
  • Updated jsTree to version 3.3.11
  • Added code to prevent the update of the Media Library Folders Reset plugin (the plugin is automatically update when Media Library Folders is updated)

6.1.1

  • Added Javascript code to prevent some functions from trigging twice.
  • Fixed issue with images appearing too far to the left on wide desktop screens

6.1.0

  • Removed depreciated jquery-ui library files that was conflicting with current version of jquery

6.0.7

  • Set the limit to the number of files that can be displayed from a folder to 500 to prevent memory overflow errors when viewing a folder containing thousands of files
  • Removed code to float the folder tree and added scroll bars to the folder tree panel and to the folder contents section
  • Set a fixed height for images displayed on the Media Library Folders page

6.0.6

  • Added function call to ensure jQuery is loaded

6.0.5

  • Added PHP_OS and upload directory information to the System Information display
  • Added code to fix slashes when getting the absolute path when on a Windows server
  • Added a blank index.php file for security

6.0.4

  • Added code to prevent hiding or deleting the uploads folder
  • Added code to handle the mgmlp_ajax is not defined issue that occurs on some multisite installions

6.0.3

  • Added request for feature suggestions

6.0.2

  • Added code to load the jquery-migrate plugin which is not loaded by WordPress 5.5

6.0.0

  • Tested with WordPress 5.5.0
  • Modified image thumbnails HTML

5.2.4

  • Fixed issue with moving or copying scaled images.
  • Fixed issue with exif_read_data()

5.2.2

  • Fixed issue with media library search
  • Fixed issue with moving scales images

5.2.1

  • Added code to read exif data for jpeg files

5.2.0

  • Fixed issue with searching for folders with a null ID
  • Added code to prevent the adding of invalid files when syncing
  • Added test for destination folder when uploading a file

5.1.9

  • Fixed issue with adding duplicate images when syncing scaled images
  • Added noscript warning
  • Update PHP version test/notice to PHP 7.2

5.1.8

  • Remove engine type from SQL used for creating the folder table

5.1.7

  • Added wp-content and uploads paths to the support page, system information tab
  • Added test for existing parent folder record
  • Added check for empty file name when uploading
  • Changed the css file handle for jstree to jstree-style

5.1.6

  • Added Dutch translation to Media Library Folders Reset
  • Added code to insure removal of files deleted through media library folders pro

5.1.4

  • Enabled localization (translation) of text in the Media Library Folders Reset plugin

5.1.3

  • Added ability to close MLFP page popups
  • Added setting to display scaling feature added in WordPress 5.3

5.1.1

  • Added the optional constant FS_CHMOD_DIR for setting the permission set for new folders
  • Added code to check for current folder id
  • Fixed issue with deleting folders

5.1.0

  • Fixed issue with missing alt text when renaming an image

5.0.9

  • Added code to update links in Themify Builder and Beaver Builder posts and pages. Note, when links have been updated in Beaver Builder, it is necessary to open a page or post containing updated links in the editor and resave it for the change to take effect
  • Updated frequently asked questions
  • Added code to update links in WP Pagebuilder

5.0.8

  • Added code to update links in SiteOrigin Page Builder and Beaver Builder posts and pages. Note, when links have been updated in Beaver Builder, it is necessary to open a page or post containing updated links in the editor and resave it for the change to take effect
  • Updated the Dutch translation files

5.0.7

  • Removed the file extension from image SEO file names
  • Fixed issue with displaying changes to image SEO settings

5.0.4

  • Improved updating of links for Elementor background images

5.0.3

  • Added code to prevent activation is Media Library Folders Pro is already activated
  • Fixed issue with dragging blocks in the Gutenburg editor
  • Replace relative paths with absolute paths for opening include files

5.0.2

  • Added code to allow unfiltered uploads

5.0.0

  • Removed PHP notice text appearing on some sites

4.3.9

  • Fixed conflict with other plugins using pluggable.php

4.3.8

  • Added security enhancements

4.3.7

  • Add code to check for IIS when generating image metadata

4.3.5

  • Added code to check for non existent folder parent as suggested by Christian

4.3.4

  • Add code to test for thumbnail files before moving them
  • Tested with WordPress 5.0.2
  • Added themify to the list of folders to automatically hide

4.3.3

  • Change the folder tree left node image
  • Removed empty leaf nodes from the folder tree
  • Updated list of folders to skip

4.3.1

  • Added check for wp-all-import when loading CSS and Javascript files

4.3.0

  • Modified the sorting order of files and folders to be case insensitive

4.2.6

  • Updated the Upgrade to Pro page

4.2.5

  • Added check for thumbnail size data during move operation
  • Localized for translation text display via Java Script
  • Update the Dutch translation
  • Updated the Upgrade to Pro page

4.2.4

  • Updated the list of folders to skip when scanning or syncing the uploads directory

4.2.3

  • Modified how the move and rename functions handle thumbnail images

4.2.1

  • Fixed missing closing a tag in on the support page
  • Added Spanish translation
  • Improved code to detect when the plugin is running on IIS/Windows
  • Fixed javascript issue affecting the Edge browser
  • Fxied issue causing sync, move and copy to fail on sites running with IIS

4.2.0

  • Added multi select by holding checking a second item while holding down the shift key.
  • Improved the copy and move function to avoid triggering a server timeout error
  • Added check for mime type when files are uploaded

4.1.9

  • Modified the sync function add files without triggering a server timeout error
  • Replaced timer function for regularly checking for new folders

4.1.6

  • Fixed issue with sync adding .htaccess to the media library
  • Added troubleshooting tips to support page

4.1.5

  • Fixed Locatization issues
  • Added Russian translation
  • Fixes to the CSS

4.1.4

  • Added Dutch translation

4.1.1

  • Fixed problem with undefined file name issue that some users were reporting

4.0.9

  • Added missing progress bar Javascript library

4.0.8

  • Fixed issue with adding the SEO file title when Image SEO is turned on

4.0.7

  • Added define that turns off MLFP diagnostic messages, add define(‘HIDE_WRITELOG_MESSAGES’, true); to the wp-config.php file to activate
  • Added support for WordPress PDF preview images
  • Added ‘state’ to jstree settings to force the tree to open after refresh

4.0.5

  • Added CSS to improve the rendering of the folder tree.

4.0.4

  • Added CSS to fix the Move/Copy button that was not displaying in sites using a language other than English or French

4.0.3

  • Removed dashes and file extention for file titles

4.0.1

  • Added Javascript code to increase the height file container when the folder tree has a greater height

4.0.0

  • Added new UI

3.4.5

  • Fixed issue with string/array conversion for adding a body class

3.4.3

  • Added French translation

3.4.2

  • Modified move/copy process to process files incrementally rather than all at once.

3.4.1

  • Allowing uppercase characters, dash and underscore in filenames and update links when a file is renamed

3.3.8

  • Added link to page to fix common issues

3.3.7

  • Stopped the deleting of images that are remove from the media library when a folder is hidden
  • Fixed conflict with Enhanced Media Library settings tab
  • Fixed issue with ‘http’ in attachment file paths

3.3.5

  • Fixed table prefixed used when update attachment links

3.3.4

  • Fixed bug preventing the use of the correct link to the attachment edit page

3.3.3

  • Restored the click that allowed viewing of an attachment’s media page
  • Because MLF no longer does complete page refreshes, view of an attachment’s media page will be done is a separate browser tab
  • Fix problem with the redefining of ‘clearfix’ that was causing the folder contents to appear at the bottom of the page.

3.3.2

  • Remove unneeded callback functions causing errors

3.3.1

  • Added code to update attachment links in posts and pages
  • Refresh file and folder data without a page refresh

3.3.0

  • Fixed bug allowing deletion of folders that are not empty
  • Replace home_url() function with site_url()

3.2.9

  • Changed the file and folder permissions used for adding files and folders
  • Changed plugin name from Media LIbrary Plus to Media Library Folders

3.2.8

  • Added code to skip Uncode theme custom thumbnails images

3.2.7

  • Added the code to hide folders and to skip the scanning of non image folders

3.2.5

  • Updated the Upgrade to Pro page

3.2.4

  • Fixed regenerate_thumbs_cap issue found by nosilver4u

3.2.3

  • Fixed WP media library version check
  • test for single and double quotes in new folder names
  • Remove the fix folders helper plugin
  • Adjusted the timing of the review notice

3.2.2

  • Added code to remove extra slashes that may be added on Windows servers

3.2.1

  • Tested on WordPress 4.7.1

3.2.0

  • Added test for missing backslash

3.1.9

  • Fixed issue with adding an extra slash when creating a new folder

3.1.8

  • Tested with WordPress 4.7

3.1.7

  • Fixed the issue with invalid folder parent IDs

3.1.6

  • added missing upload destination folder

3.1.5

  • Added holiday greetings

3.1.4

  • Added new file processing code

3.0.12

  • Fixed issue will adding new folders to MLP

3.0.11

  • Added code to handle URLs for multi sites

3.0.10

  • Added code to test for and fix bad URLs in the Media Library

3.0.9

  • Added code for adding attachment info for better SEO Images

3.0.8

  • Added code for regenerating media library thumbnails

3.0.7

  • Added support link and email to the MLP page

3.0.6

  • Fixed problem deleting a folder (for MLPP)

3.0.5

  • Added code to prevent folder deletion when the folder is not empty

3.0.4

  • Added folder navigation and drag and drop copy and move

3.0.3

  • Added second method to get the absolute path
  • Added drag and drop for moving files.

3.0.1

  • Added upgrade to pro page

3.0.0

  • Removed code to update attachment URLs

2.37

  • Fixed MLP-reset version number

2.36

  • Modified to work with WordPress 4.5.1

2.35

  • CSS modified to work with WordPress 4.5

2.34

  • Modified the code to allow the deletion of folder data even if the folder does not exist

2.33

  • Made the stand alone version of MLP compatible with Maxgalleria

2.32

  • Removed Maxgallery promo on MLP page
  • Updated MLP page promo

2.31

  • Changed database engine used for creating the folders table to MyISAM

2.3

  • Added folder sync function to scan and update the database with new files and folders found on the server
  • Fix problem with incorrect path to images in the new srcset parameter

1.04

  • Included the Media Library Folders reset plugin
  • Placed Media Library Folders in its own menu to allow other plugins to add submenus to the Media menu

1.03

  • Add support for user defined uploads folder
  • Added code to handle attachment_id in attachement URLs

1.02

  • Added facebook like and share buttons
  • Added support for muilt site network activation
  • Added code to update theme customizer data if a file used by the customizer is moved.

1.01

  • Revisions to the readme file and banner image
  • Added scan for folders in uploads directory during initial scan on plugin activation
  • Added rating request notice

1.0

  • Initial version of the Media Library Folders

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907