Overview
- Description
- The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute forced
- Source
- contact@wpscan.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- CWE-639
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:userprivatefiles:wordpress_file_sharing_plugin:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "49FC51E7-C463-4DD0-918A-8660105FFF12",
"versionEndExcluding": "2.0.5"
}
],
"operator": "OR"
}
]
}
]