CVE-2025-4392
Shared Files <= 1.7.48 - Unauthenticated Stored Cross-Site Scripting via sanitize_file Function
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via html File uploads in all versions up to, and including, 1.7.48 due to insufficient input sanitization and output escaping within the sanitize_file() function. This makes it possible for unauthenticated attackers to bypass the plugin’s MIME-only checks and inject arbitrary web scripts in pages that will execute whenever a user accesses the html file.
El complemento Shared Files – Frontend File Upload Form & Secure File Sharing para WordPress es vulnerable a Cross-Site Scripting Almacenado al subir archivos HTML en todas las versiones hasta la 1.7.48 incluida, debido a una depuración de entrada insuficiente y al escape de salida dentro de la función sanitize_file(). Esto permite a atacantes no autenticados eludir las comprobaciones de solo MIME del complemento e inyectar scripts web arbitrarios en las páginas que se ejecutarán al acceder un usuario al archivo HTML.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2025-05-06 CVE Reserved
- 2025-06-02 CVE Published
- 2025-06-03 CVE Updated
- 2025-07-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (4)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Anssilaitila Search vendor "Anssilaitila" | Shared Files – Frontend File Upload Form & Secure File Sharing Search vendor "Anssilaitila" for product "Shared Files – Frontend File Upload Form & Secure File Sharing" | <= 1.7.48 Search vendor "Anssilaitila" for product "Shared Files – Frontend File Upload Form & Secure File Sharing" and version " <= 1.7.48" | en |
Affected
|