Skip to main content

User Private Files

2 CVEs product

Monthly

CVE-2024-7848 MEDIUM PATCH This Month

The User Private Files - WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpk_upvf_update_doc'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress User Private Files
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-2356 HIGH POC This Week

The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress User Private Files
NVD WPScan VulDB
CVSS 3.1
8.8
EPSS
1.2%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The User Private Files - WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpk_upvf_update_doc'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress User Private Files
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress User Private Files
NVD WPScan VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy