CVE-2026-10093

The CVE-2026-10093 describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin File Sharing & Download Manager – User Private Files . Affected versions are all up to and including 2.1.6 . The issue stems from insufficient input sanitization and output escaping in the fldr_ttl pa...

EUVD-2026-37041

The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldrttl' parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2023-4636

The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVE-2021-24736

The Easy Download Manager and File Sharing Plugin with frontend file upload – a better Media Library — Shared Files WordPress plugin before 1.6.57 does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues...

CVE-2023-4836

The vulnerability CVE-2023-4836 affects the WordPress File Sharing Plugin (prior to version 2.0.5). The root cause is missing authorization checks, enabling IDOR-style access where an attacker can manipulate IDs to view files/folders, potentially exposing private data. Reported impact is exposure...

WordPress Plugin WordPress File Sharing Plugin Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

Cross site scripting

The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVE-2023-4636

The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

PT-2023-29979 · WordPress · Wordpress File Sharing Plugin

Name of the Vulnerable Software and Affected Versions: WordPress File Sharing Plugin versions up to, and including, 2.0.3 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated...

CVE-2021-24736

The CVE-2021-24736 entry concerns the WordPress Shared Files plugin (admin+ stored XSS) prior to version 1.6.57. Connected sources confirm a stored Cross-Site Scripting vulnerability caused by insufficient sanitisation/escaping of certain plugin settings output in HTML attributes, enabling JavaSc...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.The WordPress Easy Download Manager and File Sharing plugin has a cross-site scripting vulnerability in versions prior ...