4.3
CVE-2023-4836
- EPSS 0.49%
- Veröffentlicht 31.10.2023 14:15:12
- Zuletzt bearbeitet 03.04.2025 14:15:23
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginWordPress File Sharing Plugin < 2.0.5 - Subscriber+ Sensitive Data and Files Exposure via IDOR
User Private Files < 2.0.5 - Insecure Direct Object Reference
The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute forced
Mögliche Gegenmaßnahme
Secure Client Portal and Private File Sharing Plugin – User Private Files: Update to version 2.0.5, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Userprivatefiles ≫ Wordpress File Sharing Plugin SwPlatformwordpress Version < 2.0.5
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Secure Client Portal and Private File Sharing Plugin – User Private Files
Version
[*, 2.0.5)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.49% | 0.38 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
https://research.cleantalk.org/cve-2023-4836-user-private-files-idor-to-sensitive-data-and-private-files-exposure-leak-of-info-poc
https://wpscan.com/vulnerability/c17f2534-d791-4fe3-b45b-875777585dc6
https://www.wordfence.com/threat-intel/vulnerabilities/id/e53e75be-d4d6-4c10-b192-fe9691f27dd8