CVE-2024-32679
- EPSS 0.08%
- Veröffentlicht 23.04.2024 15:15:49
- Zuletzt bearbeitet 21.11.2024 09:15:27
Missing Authorization vulnerability in Shared Files PRO Shared Files.This issue affects Shared Files: from n/a through 1.7.16.
CVE-2023-4819
- EPSS 0.17%
- Veröffentlicht 16.10.2023 20:15:16
- Zuletzt bearbeitet 23.04.2025 17:16:47
The Shared Files WordPress plugin before 1.7.6 does not return the right Content-Type header for the specified uploaded file. Therefore, an attacker can upload an allowed file extension injected with malicious scripts.
CVE-2021-24856
- EPSS 0.21%
- Veröffentlicht 17.11.2021 11:15:08
- Zuletzt bearbeitet 21.11.2024 05:53:53
The Shared Files WordPress plugin before 1.6.61 does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
CVE-2021-24736
- EPSS 0.21%
- Veröffentlicht 18.10.2021 14:15:09
- Zuletzt bearbeitet 21.11.2024 05:53:39
The Easy Download Manager and File Sharing Plugin with frontend file upload – a better Media Library — Shared Files WordPress plugin before 1.6.57 does not sanitise and escape some of its settings before outputting them in attributes, which could lea...