CVE-2023-4836

MEDIUM

WordPress File Sharing Plugin <2.0.5 - Info Disclosure

Title source: llm

Description

The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute forced

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://research.cleantalk.org/cve-2023-4836-user-private-files-idor-to-sensitive-data-and-private-files-exposure-leak-of-info-poc

Exploit, Third Party Advisory exploit vdb-entry technical-description

https://wpscan.com/vulnerability/c17f2534-d791-4fe3-b45b-875777585dc6

Scores

CVSS v3 4.3

EPSS 0.0028

EPSS Percentile 50.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-639

Status published

Products (1)

userprivatefiles/wordpress_file_sharing_plugin < 2.0.5

Published Oct 31, 2023

Tracked Since Feb 18, 2026