Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

44 matches found

Patchstack
Patchstackadded 2024/10/29 12:0 a.m.16 views

WordPress FileOrganizer Plugin <= 1.0.9 is vulnerable to Arbitrary File Upload

Software FileOrganizer Type Plugin Vulnerable versions = 1.0.9 Fixed in 1.1.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7985 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 9a28a4363098 Credits TANG Cheuk Hei siunam Required privilege...

8.8CVSS6.8AI score0.50483EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDBadded 2024/06/11 12:0 a.m.11 views

FileOrganizer < 1.0.8 - Sensitive Information Exposure via Directory Listing

Description The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizerajaxhandler' function. This makes it possible for unauthenticated attackers to extract sensitiv...

7.5CVSS6.6AI score0.02239EPSS
Exploits0References1Affected Software1
NVD
NVDadded 2024/06/07 1:15 p.m.16 views

CVE-2024-5599

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizerajaxhandler' function. This makes it possible for unauthenticated attackers to extract sensitive data...

7.5CVSS0.02239EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2024/06/07 1:15 p.m.2 views

CVE-2024-5599

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizerajaxhandler' function. This makes it possible for unauthenticated attackers to extract sensitive data...

7.5CVSS5.8AI score0.02239EPSS
Exploits0References4
CVE
CVEadded 2024/06/07 12:33 p.m.52 views

CVE-2024-5599

CVE-2024-5599 affects the FileOrganizer – Manage WordPress and Website Files plugin for WordPress (versions up to and including 1.0.7). It enables unauthenticated attackers to exfiltrate sensitive data (backups and other files) moved to the Trash via the fileorganizer_ajax_handler. Patch status i...

7.5CVSS7.6AI score0.02239EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2024/06/07 12:33 p.m.18 views

CVE-2024-5599 FileOrganizer <= 1.0.7 - Sensitive Information Exposure via Directory Listing

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizerajaxhandler' function. This makes it possible for unauthenticated attackers to extract sensitive data...

7.5CVSS0.02239EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2024/06/07 12:33 p.m.11 views

CVE-2024-5599 FileOrganizer <= 1.0.7 - Sensitive Information Exposure via Directory Listing

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizerajaxhandler' function. This makes it possible for unauthenticated attackers to extract sensitive data...

7.5CVSS6.7AI score0.02239EPSS
Exploits0References3
CNNVD
CNNVDadded 2024/06/07 12:0 a.m.4 views

WordPress plugin FileOrganizer security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.5CVSS6.5AI score0.02239EPSS
Exploits0References4
NVD
NVDadded 2024/05/02 5:15 p.m.11 views

CVE-2024-2324

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers t...

5.4CVSS4.4AI score0.0009EPSS
Exploits0References2
Cvelist
Cvelistadded 2024/05/02 4:52 p.m.14 views

CVE-2024-2324 FileOrganizer and FileOrganizer Pro <= 1.0.6 - Authenticated Stored Cross-Site Scripting

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers t...

4.4CVSS4.6AI score0.0009EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2024/05/02 4:52 p.m.12 views

CVE-2024-2324

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers t...

4.4CVSS5.9AI score0.0009EPSS
Exploits0References2
CVE
CVEadded 2024/05/02 4:52 p.m.51 views

CVE-2024-2324

CVE-2024-2324 affects the FileOrganizer – Manage WordPress and Website Files WordPress plugin. It is vulnerable to stored cross-site scripting via SVG file uploads in all versions up to 1.0.6, caused by insufficient input sanitization and output escaping. Exploitation requires authentication. The...

5.4CVSS5.8AI score0.0009EPSS
Exploits0References2Affected Software1
CNNVD
CNNVDadded 2024/05/02 12:0 a.m.2 views

WordPress plugin FileOrganizer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS6.2AI score0.0009EPSS
Exploits0References3
Patchstack
Patchstackadded 2024/04/24 2:27 a.m.20 views

WordPress FileOrganizer plugin <= 1.0.6 - Authenticated Stored Cross-Site Scripting vulnerability

Authenticated Stored Cross-Site Scripting vulnerability discovered by Nikolas in WordPress Plugin FileOrganizer versions = 1.0.6...

5.4CVSS5.7AI score0.0009EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2024/04/24 12:0 a.m.10 views

WordPress FileOrganizer Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)

Software FileOrganizer Type Plugin Vulnerable versions = 1.0.6 Fixed in 1.0.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2324 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ee105a346d17 Credits Nikolas Required privilege...

5.4CVSS6AI score0.0009EPSS
Exploits0References3Affected Software1
OpenVAS
OpenVASadded 2023/09/26 12:0 a.m.12 views

WordPress FileOrganizer Plugin < 1.0.3 Improper Access Control Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:fileorganizer:fileorganizer"; if description...

7.2CVSS7AI score0.00398EPSS
Exploits1References1
NVD
NVDadded 2023/09/25 4:15 p.m.6 views

CVE-2023-3664

The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server...

7.2CVSS7.1AI score0.00398EPSS
Exploits1References1
Prion
Prionadded 2023/09/25 4:15 p.m.15 views

Code injection

The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server...

5.8CVSS7.1AI score0.00398EPSS
Exploits1References1Affected Software1
CVE
CVEadded 2023/09/25 3:56 p.m.55 views

CVE-2023-3664

The CVE-2023-3664 entry concerns the FileOrganizer WordPress plugin. Affected versions are 1.0.2 and earlier, where multisite installations are not restricted, allowing site administrators to gain full control over the server. The underlying issue is improper restriction of functionality on multi...

7.2CVSS7.2AI score0.00398EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2023/09/25 3:56 p.m.19 views

CVE-2023-3664 FileOrganizer <= 1.0.2 - Admin+ Arbitrary File Access

The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server...

7.3AI score0.00398EPSS
Exploits1References1
Rows per page
Query Builder