4 matches found
CVE-2024-13799
The User Private Files – File Upload & Download Manager with Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘new-fldr-name’ parameter in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes i...
CVE-2024-13799
creationtimestamp| type| source ---|---|--- 2025-02-19 06:16:05+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lij4snd62l2g 2025-02-19 08:07:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lijcz4mnpj2a 2025-02-19 08:39:11+00:00|...
CVE-2024-13799
The User Private Files – File Upload & Download Manager with Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘new-fldr-name’ parameter in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes i...
CVE-2024-13799
CVE-2024-13799 affects the WordPress plugin “User Private Files – File Upload & Download Manager with Secure File Sharing”. According to the connected Wordfence entry, it is vulnerable to Stored Cross-Site Scripting via the new-fldr-name parameter in all versions up to and including 2.1.3, caused...