WordPress Shared Files plugin < 1.7.58 - Contributor+ Arbitrary File Download vulnerability

Contributor+ Arbitrary File Download vulnerability discovered by Muhammad Rohan khan in WordPress Plugin Shared Files versions 1.7.58...

EUVD-2025-209042

The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor to download any file on the web server such as wp-config.php via a path traversal vector...

CVE-2025-15433

The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor to download any file on the web server such as wp-config.php via a path traversal vector...

CVE-2025-15433

The CVE-2025-15433 entry covers the Shared Files WordPress plugin (versions prior to 1.7.58). A path-traversal vulnerability lets a user with a low privilege level (Contributor) download arbitrary files on the web server (e.g., wp-config.php). The connected documents provide the vulnerability des...

CVE-2025-15433 Shared Files < 1.7.58 - Contributor+ Arbitrary File Download

The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor to download any file on the web server such as wp-config.php via a path traversal vector...

CVE-2025-15433 Shared Files < 1.7.58 - Contributor+ Arbitrary File Download

The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor to download any file on the web server such as wp-config.php via a path traversal vector...

WordPress plugin Shared Files 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-28212

The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor to download any file on the web server such as wp-config.php via a path traversal vector...

CVE-2026-33370

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A stored cross-site scripting XSS vulnerability exists in the Zimbra Briefcase feature due to insufficient sanitization of specific uploaded file types. When a user opens a publicly shared Briefcase file containing malicious...

CVE-2026-33370

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A stored cross-site scripting XSS vulnerability exists in the Zimbra Briefcase feature due to insufficient sanitization of specific uploaded file types. When a user opens a publicly shared Briefcase file containing malicious...

CVE-2026-33370

CVE-2026-33370 affects Zimbra Collaboration (ZCS) 10.0 and 10.1. A stored XSS in the Zimbra Briefcase feature arises from insufficient sanitization of certain uploaded file types. When a user opens a publicly shared Briefcase file containing malicious scripts, the embedded JavaScript can execute ...

EUVD-2026-8594

FileBrowser Quantum: Password Protection Not Enforced on Shared File Links...

CVE-2026-27611

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, when users share password-protected files, the recipient can completely bypass the password and still download the file. This happens because the API returns a direct download link i...

FileBrowser 安全漏洞

FileBrowser is a web-based file browser developed by Seagate as open source software. It provides an interface for managing files within specified directories, allowing actions such as uploading, deleting, previewing, renaming, and editing files. It supports multiple users, with each user having...

CVE-2024-34438

Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files.This issue affects Shared Files: from n/a through = 1.7.19...

CVE-2024-34438

Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files.This issue affects Shared Files: from n/a through = 1.7.19...

CVE-2024-34438 WordPress Shared Files plugin <= 1.7.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files.This issue affects Shared Files: from n/a through = 1.7.19...

CVE-2024-34438 WordPress Shared Files plugin <= 1.7.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files.This issue affects Shared Files: from n/a through = 1.7.19...

PT-2026-21025

Name of the Vulnerable Software and Affected Versions Shared Files versions through 1.7.19 Description A missing authorization flaw exists in Anssi Laitila Shared Files shared-files. The issue impacts the application's ability to properly restrict access to resources. Recommendations Update to a...

WordPress plugin Shared Files 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...