CVE-2023-4836
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute forced
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | WordPress File Sharing Plugin | 0 < 2.0.5 | affected |
Weaknesses
- CWE-639 Authorization Bypass Through User-Controlled Key
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/c17f2534-d791-4fe3-b45b-875777585dc6
- https://research.cleantalk.org/cve-2023-4836-user-private-files-idor-to-sensitive-data-and-private-files-exposure-leak-of-info-poc
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
Additional References
References
- https://wpscan.com/vulnerability/c17f2534-d791-4fe3-b45b-875777585dc6
- https://research.cleantalk.org/cve-2023-4836-user-private-files-idor-to-sensitive-data-and-private-files-exposure-leak-of-info-poc
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.