4.3
CVE-2023-4836
- EPSS 0.28%
- Veröffentlicht 31.10.2023 14:15:12
- Zuletzt bearbeitet 03.04.2025 14:15:23
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginUser Private Files < 2.0.5 - Insecure Direct Object Reference
The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute forced
Mögliche Gegenmaßnahme
File Sharing & Download Manager – User Private Files: Update to version 2.0.5, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
File Sharing & Download Manager – User Private Files
Version
[*, 2.0.5)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Userprivatefiles ≫ Wordpress File Sharing Plugin SwPlatformwordpress Version < 2.0.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.507 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.