CVE-2023-4836

Published: Oct 31, 2023Modified: Apr 3, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute forced

Affected (1)

Products: Userprivatefiles: Wordpress File Sharing Plugin

Userprivatefiles

1 product

Wordpress File Sharing Plugin

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Userprivatefiles Wordpress File Sharing Plugin	Before 2.0.5

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (5)

https://research.cleantalk.org/cve-2023-4836-user-private-files-idor-to-sensitive-data-and-private-files-exposure-leak-of-info-poc

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/c17f2534-d791-4fe3-b45b-875777585dc6

Source: contact@wpscan.com

ExploitThird Party Advisory

https://research.cleantalk.org/cve-2023-4836-user-private-files-idor-to-sensitive-data-and-private-files-exposure-leak-of-info-poc

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://wpscan.com/vulnerability/c17f2534-d791-4fe3-b45b-875777585dc6

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://wpscan.com/vulnerability/c17f2534-d791-4fe3-b45b-875777585dc6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.