CVE-2023-4836 – WordPress File Sharing Plugin < 2.0.5 - Subscriber+ Sensitive Data and Files Exposure via IDOR
https://notcve.org/view.php?id=CVE-2023-4836
The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those files by manipulating IDs, which can easily be brute forced.

The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to 2.0.5 (exclusive) via the upvf_pro_preview_file function due to missing validation on a user-controlled key. This makes it possible for unauthenticated attackers to gain access to files and folders belonging to other users.

• https://research.cleantalk.org/cve-2023-4836-user-private-files-idor-to-sensitive-data-and-private-files-exposure-leak-of-info-poc
• https://wpscan.com/vulnerability/c17f2534-d791-4fe3-b45b-875777585dc6
• CWE-639: Authorization Bypass Through User-Controlled Key

CVE-2023-4636 – WordPress File Sharing Plugin <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-4636
The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

• https://github.com/ThatNotEasy/CVE-2023-4636
• https://github.com/xsn1210/vul2/blob/main/xss%5BWordPressFile%5D%20.md
• https://plugins.trac.wordpress.org/changeset/2961909/user-private-files
• https://www.wordfence.com/threat-intel/vulnerabilities/id/1df04293-87e9-4ab4-975d-54d36a993ab0?source=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')