
CVE-2024-32539 – WordPress WP File Download Light plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-32539
15 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomUnited WP File Download Light allows Stored XSS. This issue affects WP File Download Light: from n/a through 1.3.3. The WP File Download Light plugin for ... • https://patchstack.com/database/vulnerability/wp-file-download-light/wordpress-wp-file-download-light-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-6825 – File Manager And File Manager Pro (Multiple Versions) - Directory Traversal
https://notcve.org/view.php?id=CVE-2023-6825
04 Mar 2024 — The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function. This makes it possible for attackers to read the contents of arbitrary files on the server, which can contain sensitive information and to upload files into directories other than the intended directory for file uploads. The free version... • https://github.com/Studio-42/elFinder/blob/master/php/elFinderVolumeDriver.class.php#L6784 • CWE-23: Relative Path Traversal •

CVE-2023-7015 – File Manager Pro <= 8.3.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-7015
20 Feb 2024 — The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. ... • https://filemanagerpro.io/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-25903 – WordPress Frontend File Manager Plugin plugin <= 22.7 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-25903
12 Feb 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in N-Media Frontend File Manager. This issue affects Frontend File Manager: from n/a through 22.7. The Frontend File Manager Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 22.7 via the use... • https://patchstack.com/database/vulnerability/nmedia-user-file-uploader/wordpress-frontend-file-manager-plugin-plugin-22-7-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-0736 – EFS Easy File Sharing FTP Login denial of service
https://notcve.org/view.php?id=CVE-2024-0736
19 Jan 2024 — A vulnerability classified as problematic has been found in EFS Easy File Sharing FTP 3.6. This affects an unknown part of the component Login. The manipulation of the argument password leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://0day.today/exploit/39249 • CWE-404: Improper Resource Shutdown or Release •

CVE-2024-0693 – EFS Easy File Sharing FTP denial of service
https://notcve.org/view.php?id=CVE-2024-0693
18 Jan 2024 — A vulnerability classified as problematic was found in EFS Easy File Sharing FTP 2.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://0day.today/exploit/description/39218 • CWE-404: Improper Resource Shutdown or Release •

CVE-2023-50897 – Media File Renamer <= 5.7.7 - Authenticated (Administrator+) Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-50897
26 Dec 2023 — The Media File Renamer: Rename Files (Manual, Auto & AI) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.7.7. This makes it possible for authenticated attackers, with administrator access and above, to execute code on the server by renaming files containing PHP code. • CWE-73: External Control of File Name or Path •

CVE-2023-44227 – WordPress Simple File List Plugin <= 6.1.9 is vulnerable to Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2023-44227
28 Sep 2023 — Missing Authorization vulnerability in Mitchell Bennis Simple File List. This issue affects Simple File List: from n/a through 6.1.9. The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including, 6.1.9. This is due to insufficient controls on files passed to a deletion function. • https://github.com/codeb0ss/CVE-2023-44227-PoC • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-862: Missing Authorization •

CVE-2022-48554 – file: stack-based buffer over-read in file_copystr in funcs.c
https://notcve.org/view.php?id=CVE-2022-48554
22 Aug 2023 — File before 5.43 has a stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project. A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash. It was discovered that file incorrectly handled certain malformed files. • http://seclists.org/fulldisclosure/2024/Mar/21 • CWE-125: Out-of-bounds Read •

CVE-2023-3784 – Dooblou WiFi File Explorer cross site scripting
https://notcve.org/view.php?id=CVE-2023-3784
20 Jul 2023 — A vulnerability was found in Dooblou WiFi File Explorer 1.13.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument search/order/download/mode leads to cross site scripting. The attack can be launched remotely. • https://seclists.org/fulldisclosure/2023/Jul/37 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •