CVE-2023-4836
WordPress File Sharing Plugin < 2.0.5 - Subscriber+ Sensitive Data and Files Exposure via IDOR
Severity Score: -
Exploit Likelihood: -
Affected Versions: < 2.0.5
Public Exploits: 2
Exploited in Wild: -
SSVC Decision: -
Descriptions
The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those files by manipulating IDs, which can easily be brute-forced.
The WordPress File Sharing Plugin plugin for WordPress before 2.0.5 does not verify authorization before displaying files and folders, which allows users to gain access to those files by manipulating IDs that can easily be brute-forced.
The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to 2.0.5 (exclusive) via the upvf_pro_preview_file function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to gain access to files and folders belonging to other users.
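The missing check described above, as an added example that is not code from the WordPress File Sharing Plugin: a hypothetical admin-ajax preview handler written in the shape the advisory describes (a user-controlled file ID is looked up and served with no ownership check), beside a hardened version that performs object-level authorization. The post type `upvf_file`, the meta key `attachment_id`, the nonce action and all function names here are assumptions for illustration; the only identifier taken from the advisory is `upvf_pro_preview_file`, and this example does not reproduce that function.

```php
<?php
/**
 * Added example, not the plugin's code. Models the CWE-639 pattern from the
 * advisory: a file ID taken from the request selects the object to return,
 * and the vulnerable handler never asks whether the requester may see it.
 *
 * Assumptions (not from the advisory): shared files are stored as a custom
 * post type 'upvf_file' whose post_author is the owning user, the underlying
 * attachment ID is kept in post meta 'attachment_id', and the handler is
 * reached through admin-ajax.php.
 */

// VULNERABLE: trusts the ID and returns whatever it points at.
// Sequential integer IDs make the whole ID space trivial to walk.
function example_preview_file_vulnerable() {
	$file_id = isset( $_GET['file_id'] ) ? absint( $_GET['file_id'] ) : 0;
	$post    = get_post( $file_id );
	if ( ! $post || 'upvf_file' !== $post->post_type ) {
		wp_send_json_error( 'not found', 404 );
	}
	// No authentication, no nonce, no ownership check: any caller gets any file.
	wp_send_json_success( array(
		'title' => $post->post_title,
		'url'   => wp_get_attachment_url( (int) get_post_meta( $file_id, 'attachment_id', true ) ),
	) );
}

// HARDENED: require a logged-in user, a valid nonce, and ownership of the
// object (or an explicit capability for reading other users' files).
function example_preview_file_hardened() {
	if ( ! is_user_logged_in() ) {
		wp_send_json_error( 'authentication required', 401 );
	}
	// Ties the request to a token issued to this user's session; dies on failure.
	check_ajax_referer( 'example_preview_file', 'nonce' );

	$file_id = isset( $_GET['file_id'] ) ? absint( $_GET['file_id'] ) : 0;
	$post    = get_post( $file_id );
	if ( ! $post || 'upvf_file' !== $post->post_type ) {
		wp_send_json_error( 'not found', 404 );
	}

	// Object-level authorization: the key came from the user, so the object it
	// resolves to must be checked against the user, not just for existence.
	$is_owner = (int) $post->post_author === get_current_user_id();
	if ( ! $is_owner && ! current_user_can( 'read_private_posts' ) ) {
		// Same response as a missing ID so valid IDs cannot be distinguished by probing.
		wp_send_json_error( 'not found', 404 );
	}

	wp_send_json_success( array(
		'title' => $post->post_title,
		'url'   => wp_get_attachment_url( (int) get_post_meta( $file_id, 'attachment_id', true ) ),
	) );
}

// Register only the hardened handler, and only for authenticated users:
// no wp_ajax_nopriv_ hook, so unauthenticated requests never reach it.
add_action( 'wp_ajax_example_preview_file', 'example_preview_file_hardened' );
```

The nonce alone does not fix this class of bug: a Subscriber can obtain a valid nonce from any page that renders the file list, so the ownership comparison against `post_author` (or an equivalent per-object ACL lookup) is the control that actually closes the IDOR. Replacing sequential IDs with random tokens raises the cost of brute-forcing but is a defence-in-depth measure, not a substitute for the check.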
CVSS Scores
SSVC
- Decision: -
Timeline
- 2023-09-08 CVE Reserved
- 2023-10-11 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-09-30 EPSS Updated
- Exploited in Wild: -
- KEV Due Date: -
CWE
- CWE-639: Authorization Bypass Through User-Controlled Key
CAPEC
References (2)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Userprivatefiles | Wordpress File Sharing Plugin | < 2.0.5 | wordpress | Affected