VYPR

Shared Files

by WordPress

CVEs (8)

  • CVE-2025-15433 (Medium, Mar 26, 2026)
    risk 0.44, cvss 6.8, epss 0.00

    The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector.

  • CVE-2026-49112 (High, Jun 15, 2026)
    risk 0.42, cvss 7.5, epss 0.00

    Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.

  • CVE-2025-4392 (High, Jun 3, 2025)
    risk 0.40, cvss 7.2, epss 0.00

    The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via html File uploads in all versions up to, and including, 1.7.48 due to insufficient input sanitization and output escaping within the…

  • CVE-2024-13504 (High, Jan 31, 2025)
    risk 0.40, cvss 7.2, epss 0.00

    The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via dfxp File uploads in all versions up to, and including, 1.7.42 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2023-4819 (Medium, Oct 16, 2023)
    risk 0.40, cvss 6.1, epss 0.00

    The Shared Files WordPress plugin before 1.7.6 does not return the right Content-Type header for the specified uploaded file. Therefore, an attacker can upload an allowed file extension injected with malicious scripts.

  • CVE-2024-43230 (Medium, Aug 26, 2024)
    risk 0.34, cvss 5.3, epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Anssi Laitila Shared Files shared-files. This issue affects Shared Files: from n/a through <= 1.7.28.

  • CVE-2024-32679 (Medium, Apr 23, 2024)
    risk 0.34, cvss 5.3, epss 0.00

    Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files. This issue affects Shared Files: from n/a through <= 1.7.16.

  • CVE-2021-24856 (Medium, Nov 17, 2021)
    risk 0.31, cvss 4.8, epss 0.01

    The Shared Files WordPress plugin before 1.6.61 does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.