VYPR

PeepSo Core: File Uploads

by WordPress

CVEs (1)

  • CVE-2024-8988MedMay 14, 2025
    risk 0.34cvss 5.3epss 0.00

    The PeepSo Core: File Uploads plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.6.0 via the file_download REST API endpoint due to missing validation on a user controlled key. This makes it possible for…