cleantalk
Vulnerabilities and Security Researches

Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation, CVE-2021-24856

CVE, Research URL

CVE-2021-24856

Home page URL

Security reports for Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation

Application

Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation

Published on
Nov 17, 2021
Research Description
The Shared Files WordPress plugin before 1.6.61 does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Affected versions
Min -, max 1.6.72.
Status
vulnerable
Previous vulnerability researches
Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation (CVE-2024-43230) , Aug 13, 2024
Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation (CVE-2022-4974) , Nov 14, 2024
Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation (CVE-2021-24856) , Jun 07, 2024
Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation (CVE-2021-24736) , Jun 07, 2024
Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation (CVE-2023-4819) , Jun 07, 2024
New vulnerability
The Plus Addons for Elementor (CVE-2025-49076) , Jun 06, 2025
WP Pipes (CVE-2025-48267) , Jun 06, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2025-5292) , Jun 06, 2025
Newsletters (CVE-2025-4857) , Jun 06, 2025
Royal Elementor Addons and Templates (CVE-2025-3813) , Jun 06, 2025