WordPress Shared Files plugin <= 1.7.19 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by domiee13 Patchstack Alliance in WordPress Plugin Shared Files versions = 1.7.19...

WordPress Shared Files Plugin <= 1.7.19 is vulnerable to Broken Access Control

Software Shared Files Type Plugin Vulnerable versions = 1.7.19 Fixed in 1.7.20 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-34438 Patch priority Low CVSS severity Low 5.3 Developer Tammersoft PSID 04ad9b91bcca Credits domiee13 Required privilege...

CVE-2024-32679

Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files.This issue affects Shared Files: from n/a through = 1.7.16...

CVE-2024-32679 WordPress Shared Files plugin <= 1.7.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shared Files PRO Shared Files.This issue affects Shared Files: from n/a through 1.7.16...

CVE-2024-32679

CVE-2024-32679 is a Missing Authorization vulnerability in Shared Files – Advanced File Sharing & Download Manager for WordPress (Shared Files) affecting versions up to 1.7.16. The issue stems from broken access control in Shared Files PRO Shared Files, potentially enabling unauthorized access to...

CVE-2024-32679 WordPress Shared Files plugin <= 1.7.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files.This issue affects Shared Files: from n/a through = 1.7.16...

PT-2024-24764 · Unknown · Shared Files

Name of the Vulnerable Software and Affected Versions: Shared Files versions 1.7.16 and earlier Description: The issue is related to a Missing Authorization vulnerability in Shared Files PRO Shared Files. Recommendations: For versions 1.7.16 and earlier, update to a version that includes the fix...

WordPress Plugin Shared Files 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Shared Files plugin <= 1.7.16 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Shared Files versions = 1.7.16...

WordPress Shared Files Plugin <= 1.7.16 is vulnerable to Broken Access Control

Software Shared Files Type Plugin Vulnerable versions = 1.7.16 Fixed in 1.7.17 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32679 Patch priority Low CVSS severity Low 5.3 Developer Tammersoft PSID a4b252f2d162 Credits Dhabaleshwar Das Required privilege...

Nextcloud: Can download files on Android app without permission

A vulnerability was discovered in the Android app where users could download files shared with them, even if the owner had disabled the download option. The vulnerability affected various file types, including PDF, document, image, and presentation files. The vulnerability allowed users to access...

CVE-2023-28875

A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link...

CVE-2023-28875

A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link...

CVE-2023-28875

A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link...

WordPress Shared Files Plugin < 1.7.6 is vulnerable to Cross Site Scripting (XSS)

Software Shared Files Type Plugin Vulnerable versions 1.7.6 Fixed in 1.7.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4819 Patch priority Low CVSS severity Low 7.1 Developer Tammersoft PSID e7b614bc819b Credits Zeyad Alshahrani Required privileg...

CVE-2023-4819

The Shared Files WordPress plugin before 1.7.6 does not return the right Content-Type header for the specified uploaded file. Therefore, an attacker can upload an allowed file extension injected with malicious scripts...

Sql injection

The Shared Files WordPress plugin before 1.7.6 does not return the right Content-Type header for the specified uploaded file. Therefore, an attacker can upload an allowed file extension injected with malicious scripts...

CVE-2023-4819 Shared Files < 1.7.6 - Unauthenticated Stored Cross-Site Scripting

The Shared Files WordPress plugin before 1.7.6 does not return the right Content-Type header for the specified uploaded file. Therefore, an attacker can upload an allowed file extension injected with malicious scripts...

CVE-2023-4819

The CVE-2023-4819 entry concerns the Shared Files WordPress plugin prior to version 1.7.6. Affected component: the upload handling (Content-Type header) for uploaded files. Root cause: the plugin does not return the correct Content-Type, enabling an attacker to upload an allowed file extension th...

PT-2023-30719 · WordPress · Shared Files

Name of the Vulnerable Software and Affected Versions: The Shared Files WordPress plugin versions prior to 1.7.6 Description: The issue arises from the plugin not returning the correct Content-Type header for uploaded files, allowing an attacker to upload files with allowed extensions that contai...