50 matches found
CVE-2022-1793
The Private Files WordPress plugin through 0.40 is missing CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform such action via a CSRF attack and make the blog public...
WordPress plugin Private Files cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
CVE-2021-24856
The Shared Files WordPress plugin before 1.6.61 does not sanitise and escape the Download Counter Text setting, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
WordPress cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Shared Files plugin in versions prior to 1.6.61...
WordPress Shared Files plugin <= 1.6.56 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Shivam Rai in WordPress Shared Files plugin versions <= 1.6.56. Solution: Update the WordPress Shared Files plugin to the latest available version (at least 1.6.57)...
Shared Files < 1.6.57 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues. Put the following payload in the "Folder for new files" and "Maximum size of uploaded file" settings of the plugin: "alert/XSS/...
Download from files <= 1.48 - Unauthenticated Arbitrary File Upload
The downloadfromfiles617fileupload AJAX action of the plugin, available to both unauthenticated and authenticated users, does not properly restrict the files to be uploaded, which could allow unauthenticated users to upload PHP4 files, for example. PoC: POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...
ProjectPier Unlimited File Upload Vulnerability
ProjectPier is a free open-source project management system. The Files plugin is one of its file management plugins. An arbitrary file upload vulnerability exists in ProjectPier 0.88 and previous versions of the Files plugin. A remote attacker can exploit this vulnerability to execute arbitrary PHP...
CVE-2014-4588
Cross-site scripting (XSS) vulnerability in tpls/editmedia.php in the Hot Files: File Sharing and Download Manager (wphotfiles) plugin 1.0.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the mediaid parameter...