Unauthenticated Access to Files and Folders in WordPress File Sharing Plugin
CVE-2023-4836 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute forced
Learn more about our Wordpress Pen Testing.