Vulnerability Description
The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute forced
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Userprivatefiles | Wordpress File Sharing Plugin | < 2.0.5 |
Related Weaknesses (CWE)
References
- https://research.cleantalk.org/cve-2023-4836-user-private-files-idor-to-sensitivExploitThird Party Advisory
- https://wpscan.com/vulnerability/c17f2534-d791-4fe3-b45b-875777585dc6ExploitThird Party Advisory
- https://research.cleantalk.org/cve-2023-4836-user-private-files-idor-to-sensitivExploitThird Party Advisory
- https://wpscan.com/vulnerability/c17f2534-d791-4fe3-b45b-875777585dc6ExploitThird Party Advisory
- https://wpscan.com/vulnerability/c17f2534-d791-4fe3-b45b-875777585dc6ExploitThird Party Advisory
FAQ
What is CVE-2023-4836?
CVE-2023-4836 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which...
How severe is CVE-2023-4836?
CVE-2023-4836 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-4836?
Check the references section above for vendor advisories and patch information. Affected products include: Userprivatefiles Wordpress File Sharing Plugin.