← Back

Mediajedi

mediajedi

2 CVEs • 1 product

Products (1)

Click to collapse
Toggle
User Private Files
user_private_files
2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-7848
1Mediajedi
1User Private Files
Sep 26, 2024
Aug 22, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpk_upvf_update_doc' due to missing valid...Show more
The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpk_upvf_update_doc' due to missing validation on the 'docid' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to gain access to other user's private files.Show less
CVE-2022-2356
1Mediajedi
1User Private Files
Nov 21, 2024
Aug 8, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded.