3 matches found
CVE-2024-7848
The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpkupvfupdatedoc' due to missing validation on the 'docid' user controlled key. This makes it possible for authenticat...
CVE-2024-7848 User Private Files <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private File Access
The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpkupvfupdatedoc' due to missing validation on the 'docid' user controlled key. This makes it possible for authenticat...
WordPress User Private Files Plugin <= 2.1.0 is vulnerable to Broken Access Control
Software User Private Files Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.1.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7848 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 56f9aa46f01a Credits Peter Thaleikis Required...