CVE-2023-4836
PUBLISHED
CVSS 9.3 CRITICAL
The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those files by manipulating IDs, which can easily be brute-forced.
EPSS 0.28% · 51.3th percentile
Risk Scores
CVSS 4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.28%
51.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Unknown | WordPress File Sharing Plugin | 0, 0, 0 |
| userprivatefiles | wordpress_file_sharing_plugin | 0, 0, 0 |
Exploit Intelligence
- https://research.cleantalk.org/cve-2023-4836-user-private-files-idor-to-sensitive-data-and-private-files-exposure-leak-of-info-poc (nist-nvd)
- CIRCL seen: CVE-2023-4836 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2023-4836 (circl-sighting)
- https://wpscan.com/vulnerability/c17f2534-d791-4fe3-b45b-875777585dc6 (cve.org)
Timeline
- Oct 31, 2023 CVE Published
- Oct 31, 2023 PoC Published
- Nov 1, 2023 EPSS Score
- Dec 2, 2023 EPSS Score
- Jan 1, 2024 EPSS Score
- Feb 1, 2024 EPSS Score
- Mar 3, 2024 EPSS Score
- Apr 2, 2024 EPSS Score
- May 3, 2024 EPSS Score
- Jun 3, 2024 EPSS Score
- Aug 3, 2024 EPSS Score
- Sep 3, 2024 EPSS Score