Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in Frontend File Manager and Sharing – User Private Files 1.1.1

  • Severity: medium-risk
  • Status: Fixed
  • Publication: August 6, 2022

The Frontend File Manager & Sharing – User Private Files plugin for WordPress has a security vulnerability in versions up to 1.1.1. This vulnerability makes it possible for unauthenticated attackers to delete files and modify settings without being authorized. This is because some functions such as dpk_upvf_rmv_file(), dpk_upvf_rmv_access(), and dpk_upvf_update_doc() do not have proper security checks and nonce validation.

Detected in:

User Private Files – File Upload & Download Manager with Secure File Sharing fixed vulnerable versions:
User Private Files – Upload and Share Files with Secure WordPress File Manager fixed vulnerable versions:
User Private Files – Upload Documents & Secure File Sharing with Frontend File Manager fixed vulnerable versions:
User Private Files – WordPress File Sharing Plugin fixed vulnerable versions:
WordPress File Sharing Plugin fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.