CVE-2024-43230 – WordPress Shared Files – Premium Download Manager & Secure File Sharing with Frontend File Upload plugin <= 1.7.28 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-43230
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Shared Files – File Upload Form Shared Files.This issue affects Shared Files: from n/a through 1.7.28. The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.28 via the export functionality and lack of protected directory. This makes it possible for unauthenticated attackers to extract sensitive data information from export files generated by the plugin. • https://patchstack.com/database/vulnerability/shared-files/wordpress-shared-files-premium-download-manager-secure-file-sharing-with-frontend-file-upload-plugin-1-7-28-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-34438 – Shared Files <= 1.7.19 - Missing Authorization
https://notcve.org/view.php?id=CVE-2024-34438
The Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.19. This makes it possible for unauthenticated attackers to perform an unauthorized action. • CWE-862: Missing Authorization •
CVE-2024-32679 – WordPress Shared Files plugin <= 1.7.16 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32679
Missing Authorization vulnerability in Shared Files PRO Shared Files.This issue affects Shared Files: from n/a through 1.7.16. Vulnerabilidad de autorización faltante en Shared Files PRO Shared Files. Este problema afecta a Shared Files: desde n/a hasta 1.7.16. The Shared Files plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the process_notifications function in versions up to, and including, 1.7.16. This makes it possible for unauthenticated attackers to dismiss notices. • https://patchstack.com/database/vulnerability/shared-files/wordpress-shared-files-plugin-1-7-16-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •