Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2023-4836

๐Ÿ—“๏ธย 31 Oct 2023ย 13:54:46Reported byย WPScanTypeย 
cve
ย cve๐Ÿ”—ย web.nvd.nist.gov๐Ÿ‘ย 79ย Views

The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute force

Related
Detection
Affected
Refs
ReporterTitlePublishedViews
Family
Circl		CVE-2023-4836
31 Oct 202317:21
โ€“circl
CNNVD		WordPress Plugin WordPress File Sharing Plugin Security Vulnerability
31 Oct 202300:00
โ€“cnnvd
Cvelist		CVE-2023-4836 WordPress File Sharing Plugin < 2.0.5 - Subscriber+ Sensitive Data and Files Exposure via IDOR
31 Oct 202313:54
โ€“cvelist
EUVD		EUVD-2023-54677
3 Oct 202520:07
โ€“euvd
NVD		CVE-2023-4836
31 Oct 202314:15
โ€“nvd
OSV		CLSA-2023-1697016696 Fix CVE(s): CVE-2023-4863, CVE-2023-4836
11 Oct 202309:31
โ€“osv
OSV		CVE-2023-4836
31 Oct 202314:15
โ€“osv
Patchstack		WordPress User Private Files Plugin < 2.0.5 is vulnerable to Insecure Direct Object References (IDOR)
31 Oct 202300:00
โ€“patchstack
Prion		Authorization
31 Oct 202314:15
โ€“prion
Positive Technologies		PT-2023-30798 ยท WordPress ยท Wordpress File Sharing Plugin
30 Sep 202300:00
โ€“ptsecurity
Rows per page
NVD
Vulners
Node
userprivatefileswordpress_file_sharing_pluginRange<2.0.5wordpress
[
  {
    "vendor": "Unknown",
    "product": "WordPress File Sharing Plugin",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "2.0.5"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
03 Apr 2025 14:15Current
4.7Medium risk
Vulners AI Score4.7
CVSS 3.14.3
EPSS0.00276
SSVC
CWE-639
wordpressfile sharing pluginauthorization bypasssecurity vulnerabilitycve-2023-4836
79