Hynotech

hynotech

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Dropbox Folder Share

dropbox_folder_share

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-4488 1Hynotech 1Dropbox Folder Share Apr 8, 2026 Oct 20, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary fi...Show more The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.Show less
CVE-2023-3025 1Hynotech 1Dropbox Folder Share Apr 8, 2026 Sep 16, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to make web requests t...Show more The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2023-4488

1Hynotech

1Dropbox Folder Share

Apr 8, 2026

Oct 20, 2023

N/A· v4

9.8 CRITICAL· v3

N/A· v2

The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.Show less

CVE-2023-3025

1Hynotech

1Dropbox Folder Share

Apr 8, 2026

Sep 16, 2023

N/A· v4

7.2 HIGH· v3

N/A· v2

The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.Show less