Lucene search
K

4 matches found

NVD
NVD
added 2025/05/14 9:15 a.m.17 views

CVE-2024-8988

The PeepSo Core: File Uploads plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.6.0 via the filedownload REST API endpoint due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to...

5.3CVSS0.00248EPSS
Exploits0References2
Circl
Circl
added 2025/05/14 8:31 a.m.19 views

CVE-2024-8988

creationtimestamp| type| source ---|---|--- 2025-05-14 08:31:20+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/16292 2025-05-14 09:19:31+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp4o2rrqojj2...

5.3CVSS8.7AI score0.00248EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/14 8:22 a.m.22 views

CVE-2024-8988 PeepSo Core: File Uploads <= 6.4.6.0 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via file_download

The PeepSo Core: File Uploads plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.6.0 via the filedownload REST API endpoint due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to...

5.3CVSS0.00248EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/05/13 11:7 p.m.7 views

WordPress PeepSo Core: File Uploads plugin <= 6.4.6.0 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via file_download vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via filedownload vulnerability discovered by Bikram Kharal in WordPress Plugin PeepSo Core: File Uploads versions = 6.4.6.0...

5.3CVSS8.2AI score0.00248EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder