Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in Frontend File Manager and Sharing – User Private Files 1.1.0

  • Severity: medium-risk
  • Status: Fixed
  • Publication: August 6, 2022

The Frontend File Manager & Sharing – User Private Files plugin for WordPress is insecure in versions up to and including 1.1.0. This means that any unauthenticated attacker could access sensitive data, such as user emails, by using the dpk_upvf_uemail_search() function. To prevent this from happening, it’s important to update the plugin to the latest version.

Detected in:

User Private Files – File Upload & Download Manager with Secure File Sharing fixed vulnerable versions:
User Private Files – Upload and Share Files with Secure WordPress File Manager fixed vulnerable versions:
User Private Files – Upload Documents & Secure File Sharing with Frontend File Manager fixed vulnerable versions:
User Private Files – WordPress File Sharing Plugin fixed vulnerable versions:
WordPress File Sharing Plugin fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.