WordPress plugin Shared Files Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress user files plugin <= 2.4.2 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Colin Xu in WordPress Plugin user files versions <= 2.4.2...
WordPress YaDisk Files plugin <= 1.2.5 - Contributor+ Stored XSS via Shortcode vulnerability
Contributor+ Stored XSS via Shortcode vulnerability discovered by WPscan in WordPress Plugin YaDisk Files versions <= 1.2.5...
CVE-2024-10710
The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
PT-2024-16483
Name of the Vulnerable Software and Affected Versions: YaDisk Files WordPress plugin versions 1.2.5 and earlier Description: The YaDisk Files WordPress plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripti...
WordPress Shared Files plugin <= 1.7.19 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by domiee13 (Patchstack Alliance) in WordPress Plugin Shared Files versions <= 1.7.19...
CVE-2005-10002
A vulnerability, which was classified as critical, was found in almosteffortless secure-files Plugin up to 1.1 on WordPress. Affected is the function sf_downloads of the file secure-files.php. The manipulation of the argument downloadfile leads to path traversal. Upgrading to version 1.2 is able t...
CVE-2005-10002
The CVE-2005-10002 issue affects the almosteffortless secure-files Plugin (WordPress) up to version 1.1. The vulnerability resides in the sf_downloads function within secure-files.php, where manipulation of the downloadfile argument enables path traversal. A fixed version exists: upgrade to versi...
PT-2023-9858 · Almosteffortless · Almosteffortless Secure-Files Plugin
Name of the Vulnerable Software and Affected Versions: almosteffortless secure-files Plugin versions 1.1 and earlier Description: A critical issue was found in the almosteffortless secure-files Plugin for WordPress. The sf_downloads function in the secure-files.php file is affected, where...
SQL injection
The Shared Files WordPress plugin before 1.7.6 does not return the right Content-Type header for the specified uploaded file. Therefore, an attacker can upload an allowed file extension injected with malicious scripts...
PT-2023-30719 · WordPress · Shared Files
Name of the Vulnerable Software and Affected Versions: The Shared Files WordPress plugin versions prior to 1.7.6 Description: The issue arises from the plugin not returning the correct Content-Type header for uploaded files, allowing an attacker to upload files with allowed extensions that contai...
WordPress plugin Shared Files Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress User Private Files Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)
Software: User Private Files; Type: Plugin; Vulnerable versions: <= 2.0.3; Fixed in: 2.0.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4636; Patch priority: Low; CVSS severity: Low (5.9); PSID: a3eddd47293a; Credits: Shuning Xu; Required...
Jenkins Associated Files Plugin vulnerable to cross-site scripting (XSS)
Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Currently, there are no known workarounds or patches...
CVE-2022-45401
Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-45401
Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-45401
CVE-2022-45401 affects Jenkins Associated Files Plugin (versions 0.2.1 and earlier). The flaw is a stored XSS due to the plugin not escaping the names of associated files, enabling an attacker with Item/Configure permission to exploit it. The public documents confirm the vulnerability exists but ...
PT-2022-27503 · Jenkins · Jenkins Associated Files Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Associated Files Plugin versions 0.2.1 and earlier Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. This occurs because the plugin does not properly escape the names of associated files. Attackers...
CVE-2022-45401
Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...