CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-4636

The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.022

EPSS Ranking 83.8%

CVSS Severity

CVSS v3 Score 4.4

References

Products affected by CVE-2023-4636

Userprivatefiles » Wordpress File Sharing Plugin » Version: 1.0.7

cpe:2.3:a:userprivatefiles:wordpress_file_sharing_plugin:1.0.7
Userprivatefiles » Wordpress File Sharing Plugin » Version: 1.0.8

cpe:2.3:a:userprivatefiles:wordpress_file_sharing_plugin:1.0.8
Userprivatefiles » Wordpress File Sharing Plugin » Version: 1.0.9

cpe:2.3:a:userprivatefiles:wordpress_file_sharing_plugin:1.0.9
Userprivatefiles » Wordpress File Sharing Plugin » Version: 1.1.0

cpe:2.3:a:userprivatefiles:wordpress_file_sharing_plugin:1.1.0
Userprivatefiles » Wordpress File Sharing Plugin » Version: 1.1.1

cpe:2.3:a:userprivatefiles:wordpress_file_sharing_plugin:1.1.1
Userprivatefiles » Wordpress File Sharing Plugin » Version: 1.1.2

cpe:2.3:a:userprivatefiles:wordpress_file_sharing_plugin:1.1.2
Userprivatefiles » Wordpress File Sharing Plugin » Version: 1.1.3

cpe:2.3:a:userprivatefiles:wordpress_file_sharing_plugin:1.1.3
Userprivatefiles » Wordpress File Sharing Plugin » Version: 2.0.1

cpe:2.3:a:userprivatefiles:wordpress_file_sharing_plugin:2.0.1
Userprivatefiles » Wordpress File Sharing Plugin » Version: 2.0.2

cpe:2.3:a:userprivatefiles:wordpress_file_sharing_plugin:2.0.2
Userprivatefiles » Wordpress File Sharing Plugin » Version: 2.0.3

cpe:2.3:a:userprivatefiles:wordpress_file_sharing_plugin:2.0.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-4636

Products

Pricing

Contact Us