User Private Files

Source repositories

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2026-10093	WordPress User Private Files	Med	0.35	6.4	—	Jun 16, 2026	The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldr_ttl' parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it…
CVE-2024-13799	WordPress User Private Files	Med	0.35	6.4	0.00	Feb 19, 2025	The User Private Files – File Upload & Download Manager with Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘new-fldr-name’ parameter in all versions up to, and including, 2.1.3 due to insufficient input sanitization and…
CVE-2023-4636	Userprivatefiles Wordpress File Sharing Plugin	Med	0.22	4.4	0.01	Sep 5, 2023	The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…
CVE-2024-7848	WordPress User Private Files		0.00	—	0.00	Aug 22, 2024	The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpk_upvf_update_doc' due to missing validation on the 'docid' user controlled key. This makes it…

CVE-2026-10093MedJun 16, 2026
WordPress
User Private Files
risk 0.35cvss 6.4epss —
The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldr_ttl' parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it…
CVE-2024-13799MedFeb 19, 2025
WordPress
User Private Files
risk 0.35cvss 6.4epss 0.00
The User Private Files – File Upload & Download Manager with Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘new-fldr-name’ parameter in all versions up to, and including, 2.1.3 due to insufficient input sanitization and…
CVE-2023-4636MedSep 5, 2023
Userprivatefiles
Wordpress File Sharing Plugin
risk 0.22cvss 4.4epss 0.01
The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…
CVE-2024-7848Aug 22, 2024
WordPress
User Private Files
risk 0.00cvss —epss 0.00
The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpk_upvf_update_doc' due to missing validation on the 'docid' user controlled key. This makes it…