4 matches found
CVE-2025-4392
The CVE-2025-4392 entry concerns the WordPress plugin Shared Files – Frontend File Upload Form & Secure File Sharing. Affected versions: up to 1.7.48. Root cause: insufficient input sanitization and output escaping in the sanitize_file() function, allowing unauthenticated stored XSS via html file...
CVE-2025-4392 Shared Files <= 1.7.48 - Unauthenticated Stored Cross-Site Scripting via sanitize_file Function
The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via html File uploads in all versions up to, and including, 1.7.48 due to insufficient input sanitization and output escaping within the sanitizefile function. This...
CVE-2025-4392
creationtimestamp| type| source ---|---|--- 2025-06-03 05:07:12+00:00| seen| https://bsky.app/profile/undercode.bsky.social/post/3lqojh7urjl2q...
WordPress Shared Files plugin <= 1.7.48 - Unauthenticated Stored Cross-Site Scripting via sanitize_file Function vulnerability
Unauthenticated Stored Cross-Site Scripting via sanitizefile Function vulnerability discovered by Martin Martin in WordPress Plugin Shared Files versions = 1.7.48...