Vulnerabilities > CVE-2024-5599 - Unspecified vulnerability in Fileorganizer

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

fileorganizer

NVD

Published: 2024-06-07

Updated: 2024-06-11

Summary

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizer_ajax_handler' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive information if the files have been moved to the built-in Trash folder.

Vulnerable Configurations

Part	Description	Count
Application	Fileorganizer Fileorganizer Fileorganizer - Fileorganizer Fileorganizer 1.0.0 Fileorganizer Fileorganizer 1.0.1 Fileorganizer Fileorganizer 1.0.2 Fileorganizer Fileorganizer 1.0.3 Fileorganizer Fileorganizer 1.0.4 Fileorganizer Fileorganizer 1.0.5 Fileorganizer Fileorganizer 1.0.6 Fileorganizer Fileorganizer 1.0.7	9

Summary

Vulnerable Configurations

References