Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5
CVE-2025-2539
- EPSS 20.81%
- Veröffentlicht 20.03.2025 11:11:26
- Zuletzt bearbeitet 11.08.2025 15:00:43
The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging...
9.8
CVE-2025-2512
- EPSS 3.08%
- Veröffentlicht 19.03.2025 11:23:30
- Zuletzt bearbeitet 11.08.2025 14:58:33
The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthe...
5.4
CVE-2023-0431
- EPSS 0.11%
- Veröffentlicht 12.06.2023 18:15:09
- Zuletzt bearbeitet 21.11.2024 07:37:10
The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
1