13 matches found
EUVD-2025-4749
Malicious code in bioql PyPI...
EUVD-2024-48699
Malicious code in bioql PyPI...
CVE-2024-13799 User Private Files – File Upload & Download Manager with Secure File Sharing <= 2.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The User Private Files – File Upload & Download Manager with Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘new-fldr-name’ parameter in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes i...
CVE-2024-13799
CVE-2024-13799 affects the WordPress plugin “User Private Files – File Upload & Download Manager with Secure File Sharing”. According to the connected Wordfence entry, it is vulnerable to Stored Cross-Site Scripting via the new-fldr-name parameter in all versions up to and including 2.1.3, caused...
WordPress plugin User Private Files cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
WordPress User Private Files – File Upload & Download Manager with Secure File Sharing plugin <= 2.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Tim Coen in WordPress Plugin User Private Files versions <= 2.1.3...
CVE-2024-7848 User Private Files <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private File Access
The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpkupvfupdatedoc' due to missing validation on the 'docid' user controlled key. This makes it possible for authenticat...
PT-2024-38626 · WordPress · User Private Files
Name of the Vulnerable Software and Affected Versions: User Private Files – WordPress File Sharing Plugin versions up to, and including, 2.1.0 Description: The issue allows authenticated attackers with subscriber-level access and above to gain access to other users' private files due to missing...
WordPress plugin User Private Files security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...
WordPress User Private Files Plugin < 2.0.5 is vulnerable to Insecure Direct Object References (IDOR)
Software User Private Files Type Plugin Vulnerable versions < 2.0.5 Fixed in 2.0.5 OWASP Top 10 A3: Injection Classification Insecure Direct Object References IDOR CVE CVE-2023-4836 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 588e3012fbb4 Credits Dmitrii Ignatyev Require...
WordPress User Private Files Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)
Software User Private Files Type Plugin Vulnerable versions <= 2.0.3 Fixed in 2.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4636 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a3eddd47293a Credits Shuning Xu Required...
CVE-2022-2356 User Private Files < 1.1.3 - Subscriber+ Arbitrary File Upload
The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded...
WordPress User Private Files plugin <= 1.1.2 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability discovered by Raad Haddad in WordPress User Private Files plugin versions <= 1.1.2. Solution Update the WordPress User Private Files plugin to the latest available version at least 1.1.3...