Lucene search
K

51 matches found

Cvelist
Cvelist
added 2026/06/15 8:19 p.m.33 views

CVE-2026-49112 WordPress Shared Files plugin <= 1.7.64 - Path Traversal vulnerability

Unauthenticated Path Traversal in Shared Files = 1.7.64 versions...

7.5CVSS0.00326EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/05 10:37 a.m.10 views

WordPress Shared Files plugin <= 1.7.64 - Path Traversal vulnerability

Path Traversal vulnerability discovered by kai63001 in WordPress Plugin Shared Files versions = 1.7.64...

7.5CVSS5.5AI score0.00326EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.12 views

WordPress plugin Download From Files 访问控制错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

9.8CVSS5.9AI score0.00396EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/26 6:0 a.m.27 views

CVE-2025-15433 Shared Files < 1.7.58 - Contributor+ Arbitrary File Download

The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor to download any file on the web server such as wp-config.php via a path traversal vector...

0.0043EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 6:0 a.m.2 views

CVE-2025-15433

The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor to download any file on the web server such as wp-config.php via a path traversal vector...

6.8CVSS5.8AI score0.0043EPSS
Exploits0References1
CVE
CVE
added 2026/03/26 6:0 a.m.15 views

CVE-2025-15433

The Shared Files WordPress plugin, versions before 1.7.58, is affected by a path traversal vulnerability that allows users with a role as low as Contributor to arbitrarily download any file on the web server (e.g., wp-config.php). Root cause: improper validation in file download logic. Affected p...

6.8CVSS5.8AI score0.0043EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/26 6:0 a.m.3 views

CVE-2025-15433 Shared Files < 1.7.58 - Contributor+ Arbitrary File Download

The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor to download any file on the web server such as wp-config.php via a path traversal vector...

5.8AI score0.0043EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.8 views

PT-2026-28212

The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor to download any file on the web server such as wp-config.php via a path traversal vector...

5.8AI score0.0043EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.10 views

WordPress plugin Shared Files 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.8CVSS5.8AI score0.0043EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.9 views

CVE-2023-4819

The Shared Files WordPress plugin before 1.7.6 does not return the right Content-Type header for the specified uploaded file. Therefore, an attacker can upload an allowed file extension injected with malicious scripts...

6.1CVSS6.8AI score0.0042EPSS
Exploits2References1
NVD
NVD
added 2025/10/28 3:15 a.m.6 views

CVE-2025-12347

A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editorfiles/save-file-ajax.php. Executing manipulation of the argument filepath/content can lead to unrestricted upload. The attack can be executed remotely. Th...

8.8CVSS0.0036EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-1002

Malware in sbrugna...

9.8CVSS5.5AI score0.00746EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2014-4515

Malware in sbrugna...

4.3CVSS6.4AI score0.01629EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-29412

Malicious code in bioql PyPI...

6.6AI score
Exploits0References2
CNVD
CNVD
added 2025/06/11 12:0 a.m.2 views

WordPress Shared Files Plugin Cross-Site Scripting Vulnerability

WordPress and WordPress Plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Shared Files Plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data,...

7.2CVSS6.5AI score0.00305EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/03 12:0 a.m.3 views

WordPress plugin Shared Files 跨站脚本漏洞

WordPress and WordPress Plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Shared Files Plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data,...

7.2CVSS6AI score0.00305EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 6:43 a.m.6 views

CVE-2024-10709

The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.8CVSS6.1AI score0.00673EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:43 a.m.8 views

CVE-2024-10710

The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.7AI score0.00384EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:25 p.m.9 views

CVE-2021-24856

The Shared Files WordPress plugin before 1.6.61 does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.9AI score0.00647EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/21 6:25 p.m.6 views

CVE-2005-10002

A vulnerability, which was classified as critical, was found in almosteffortless secure-files Plugin up to 1.1 on WordPress. Affected is the function sfdownloads of the file secure-files.php. The manipulation of the argument downloadfile leads to path traversal. Upgrading to version 1.2 is able t...

9.8CVSS7.1AI score0.00746EPSS
Exploits0References1
Rows per page
Query Builder