CVE-2024-7985
- EPSS 36.31%
- Veröffentlicht 29.10.2024 16:15:06
- Zuletzt bearbeitet 08.11.2024 15:22:33
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizer_ajax_handler" function in all versions up to, and including, 1.0.9. This mak...
CVE-2024-5599
- EPSS 2.24%
- Veröffentlicht 07.06.2024 13:15:50
- Zuletzt bearbeitet 21.11.2024 09:47:59
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizer_ajax_handler' function. This makes it possible for unauthen...
CVE-2024-2324
- EPSS 0.09%
- Veröffentlicht 02.05.2024 17:15:16
- Zuletzt bearbeitet 13.03.2025 17:04:00
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This ...
CVE-2023-3664
- EPSS 0.35%
- Veröffentlicht 25.09.2023 16:15:14
- Zuletzt bearbeitet 21.11.2024 08:17:47
The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server.