VYPR

Fileorganizer

by WordPress

Source repositories

CVEs (5)

  • CVE-2023-3664HigSep 25, 2023
    risk 0.47cvss 7.2epss 0.01

    The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server.

  • CVE-2024-7985HigOct 29, 2024
    risk 0.42cvss 7.5epss 0.02

    The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizer_ajax_handler" function in all versions up to, and including, 1.0.9. This makes it possible for…

  • CVE-2024-5599HigJun 7, 2024
    risk 0.42cvss 7.5epss 0.01

    The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizer_ajax_handler' function. This makes it possible for unauthenticated attackers to…

  • CVE-2024-11010HigDec 7, 2024
    risk 0.40cvss 7.2epss 0.01

    The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.1.4 via the 'default_lang' parameter. This makes it possible for authenticated attackers, with…

  • CVE-2024-2324MedMay 2, 2024
    risk 0.29cvss 4.4epss 0.00

    The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for…