CVE-2023-4836

State: PUBLISHED · Published: 2023-10-31 · Updated: 2025-04-03 · Assigner: WPScan

Description

The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute forced

CWE

(none)

Affected

Unknown / WordPress File Sharing Plugin — v=0 <2.0.5 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/c17f2534-d791-4fe3-b45b-875777585dc6 exploit, vdb-entry, technical-description
https://research.cleantalk.org/cve-2023-4836-user-private-files-idor-to-sensitive-data-and-private-files-exposure-leak-of-info-poc

Source

cvelistV5-main/cves/2023/4xxx/CVE-2023-4836.json