4 matches found
WordPress File Away plugin <= 3.9.9.0.1 - Missing Authorization to Unauthenticated Arbitrary File Read vulnerability
Missing Authorization to Unauthenticated Arbitrary File Read vulnerability discovered by Sélim Lanouar whattheslime in WordPress Plugin File Away versions = 3.9.9.0.1...
CVE-2023-0431
The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
WordPress Plugin File Away 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress File Away Plugin <= 3.9.9.0.1 is vulnerable to Cross Site Scripting (XSS)
Software File Away Type Plugin Vulnerable versions = 3.9.9.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0431 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c7613f6f78f2 Credits Lana Codes Required...