CVE-2024-7317: 
WordPress vulnerability analysis and mitigation

The Folders plugin for WordPress (versions up to 3.0.3) contains a Stored Cross-Site Scripting vulnerability (CVE-2024-7317) that affects the media library functionality. The vulnerability stems from insufficient input sanitization and output escaping when handling SVG file uploads. This security issue was discovered and reported by Wordfence, with the initial disclosure occurring on August 6, 2024 (NVD CVE).

The vulnerability is classified as a Cross-Site Scripting (CWE-79) issue with a CVSS v3.1 base score of 5.4 (Medium) according to NIST, and 6.4 (Medium) according to Wordfence. The attack vector is network-accessible (AV:N) with low attack complexity (AC:L), requiring low privileges (PR:L). The vulnerability allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts through SVG file uploads (NVD CVE).

When exploited, this vulnerability allows authenticated attackers to inject malicious web scripts that execute whenever a user accesses the affected SVG file. This could potentially lead to unauthorized actions being performed in the context of other users' sessions who view the compromised SVG files (NVD CVE).

The vulnerability has been patched in version 3.0.4 of the Folders plugin. Users are advised to update to this version or later to mitigate the security risk. The fix includes improved input sanitization and output escaping for SVG file uploads (WordPress Plugin).