Lucene search
K

5 matches found

Positive Technologies
Positive Technologies
added 2024/12/07 12:0 a.m.5 views

PT-2024-16699 · WordPress · Fileorganizer

Name of the Vulnerable Software and Affected Versions: FileOrganizer – Manage WordPress and Website Files plugin for WordPress versions up to, and including, 1.1.4 Description: The issue allows authenticated attackers with Administrator-level access and above to include and execute arbitrary file...

7.2CVSS8AI score0.0083EPSS
Exploits0References12
OSV
OSV
added 2024/10/29 4:15 p.m.6 views

CVE-2024-7985

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizerajaxhandler" function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with...

8.8CVSS6.4AI score0.02235EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2024/06/07 1:15 p.m.2 views

CVE-2024-5599

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizerajaxhandler' function. This makes it possible for unauthenticated attackers to extract sensitive data...

7.5CVSS5.8AI score0.00522EPSS
Exploits0References4
OSV
OSV
added 2024/05/02 5:15 p.m.4 views

CVE-2024-2324

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers t...

5.4CVSS5.9AI score0.0032EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.8 views

PT-2024-19734 · WordPress · The Fileorganizer – Manage Wordpress/Website Files

Name of the Vulnerable Software and Affected Versions: The FileOrganizer – Manage WordPress and Website Files plugin for WordPress versions up to, and including, 1.0.6 Description: The issue is related to Stored Cross-Site Scripting via svg file upload due to insufficient input sanitization and...

5.4CVSS6.1AI score0.0032EPSS
Exploits0References5
Rows per page
Query Builder