Vulnerabilities and security researches forshared-files shared-files
Direction: ascendingJun 07, 2024
Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation # CVE-2021-24856
- CVE, Research URL
- Home page URL
- Application
- Date
- Nov 17, 2021
- Research Description
- The Shared Files WordPress plugin before 1.6.61 does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation # CVE-2021-24736
- CVE, Research URL
- Home page URL
- Application
- Date
- Oct 18, 2021
- Research Description
- The Easy Download Manager and File Sharing Plugin with frontend file upload – a better Media Library — Shared Files WordPress plugin before 1.6.57 does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation # CVE-2023-4819
- CVE, Research URL
- Home page URL
- Application
- Date
- Oct 17, 2023
- Research Description
- The Shared Files WordPress plugin before 1.7.6 does not return the right Content-Type header for the specified uploaded file. Therefore, an attacker can upload an allowed file extension injected with malicious scripts.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation # CVE-2024-32679
- CVE, Research URL
- Home page URL
- Application
- Date
- Apr 23, 2024
- Research Description
- Missing Authorization vulnerability in Shared Files PRO Shared Files.This issue affects Shared Files: from n/a through 1.7.16.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation # CVE-2024-34438
- CVE, Research URL
- Home page URL
- Application
- Date
- -
- Research Description
- Shared Files – Frontend File Upload Form & Secure File Sharing [shared-files] < 1.7.20 CVE-2024-34438
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Aug 13, 2024
Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation # CVE-2024-43230
- CVE, Research URL
- Home page URL
- Application
- Date
- Aug 27, 2024
- Research Description
- Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Shared Files – File Upload Form Shared Files.This issue affects Shared Files: from n/a through 1.7.28.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Nov 14, 2024
Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation # CVE-2022-4974
- CVE, Research URL
- Home page URL
- Application
- Date
- Oct 16, 2024
- Research Description
- The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Feb 01, 2025
Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation # CVE-2024-13504
- CVE, Research URL
- Home page URL
- Application
- Date
- Jan 31, 2025
- Research Description
- The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via dfxp File uploads in all versions up to, and including, 1.7.42 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the dfxp file. This issue affects only Apache-based environments, where dfxp files are handled by default.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jun 04, 2025
Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation # CVE-2025-4392
- CVE, Research URL
- Home page URL
- Application
- Date
- Jun 03, 2025
- Research Description
- The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via html File uploads in all versions up to, and including, 1.7.48 due to insufficient input sanitization and output escaping within the sanitize_file() function. This makes it possible for unauthenticated attackers to bypass the plugin’s MIME-only checks and inject arbitrary web scripts in pages that will execute whenever a user accesses the html file.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable