17 matches found
EUVD-2025-7572
Malicious code in bioql PyPI...
Exploit for Use of a Broken or Risky Cryptographic Algorithm in File_Away_Project File_Away
POC - CVE-2025-2539 File Away <= 3.9.9.0.1 - Missing Author...
CVE-2023-0431
The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform a Stored Cross-Site Scripting attack...
CVE-2025-2539
The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging the use of a reversible weak algorithm, to read...
CVE-2025-2539
The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging the use of a reversible weak algorithm, to read...
CVE-2025-2539
The WordPress File Away plugin is vulnerable to unauthenticated arbitrary file read via a missing capability check in the ajax() endpoint in all versions up to 3.9.9.0.1. Authentication is not required (ATT&CK: none specified in documents), and the vulnerability allows reading server files ...
CVE-2025-2539 File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated Arbitrary File Read
The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging the use of a reversible weak algorithm, to read...
CVE-2025-2512
The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on t...
WordPress File Away plugin <= 3.9.9.0.1 - Missing Authorization to Unauthenticated File Upload via upload Function vulnerability
Missing Authorization to Unauthenticated File Upload via upload Function vulnerability discovered by Sélim Lanouar (whattheslime) in WordPress Plugin File Away versions <= 3.9.9.0.1...
CVE-2025-2512 File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated File Upload via upload Function
The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on t...
CVE-2023-0431
The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform a Stored Cross-Site Scripting attack...
CVE-2023-0431 File Away <= 3.9.9.0.1 - Contributor+ Stored XSS via Shortcode
The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform a Stored Cross-Site Scripting attack...
PT-2023-16265 · WordPress · File Away
Name of the Vulnerable Software and Affected Versions: File Away WordPress plugin versions 3.9.9.0.1 and earlier. Description: The issue concerns a lack of validation and escaping of one of its shortcode attributes. This could allow users with a role as low as contributor to perform a Stored...
WordPress File Away Plugin <= 3.9.9.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: File Away; Type: Plugin; Vulnerable versions: <= 3.9.9.0.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0431; Patch priority: Medium; CVSS severity: Medium (6.5); Developer: Claim ownership; PSID: c7613f6f78f2; Credits: Lana Codes; Required...
File Away <= 3.9.9.0.1 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform a Stored Cross-Site Scripting attack. fileup class='" onmouseover="alert1"'...
File Away <= 3.9.9.0.1 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform a Stored Cross-Site Scripting attack. PoC fileup class='" onmouseover="alert1"'...
WordPress file-away plugin file disclosure vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports setting up personal blog sites on servers with PHP and MySQL. A file disclosure vulnerability exists in the WordPress file-away plugin, which can be exploited by attackers to download fil...