CVE-2024-7848

The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpkupvfupdatedoc' due to missing validation on the 'docid' user controlled key. This makes it possible for authenticat...

PT-2023-30798 · WordPress · Wordpress File Sharing Plugin

Name of the Vulnerable Software and Affected Versions: WordPress File Sharing Plugin versions prior to 2.0.5 Description: The issue allows users to gain access to files and folders by manipulating IDs, which can be easily brute forced, due to a lack of authorization checks. Recommendations: For...