2 matches found
CVE-2025-12041 ERI File Library <= 1.1.0 - Missing Authorization to Unauthenticated Protected File Download
The ERI File Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eriflfile' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to download files restricted to specific user...
CVE-2025-12041
The CVE-2025-12041 entry concerns the WordPress ERI File Library plugin up to version 1.1.0, where a missing capability check on the erifl_file AJAX action allows unauthenticated attackers to download files restricted to specific user roles. Affected software: WordPress ERI File Library plugin (v...