Vulnerabilities > Mediajedi

DATE: 2024-08-22
CVE: CVE-2024-7848
VULNERABILITY TITLE: Authorization Bypass Through User-Controlled Key vulnerability in Mediajedi User Private Files
The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpk_upvf_update_doc' due to missing validation on the 'docid' user-controlled key.
RISK: 6.5 (network; low complexity; mediajedi; CWE-639)

DATE: 2022-08-08
CVE: CVE-2022-2356
VULNERABILITY TITLE: Unrestricted Upload of File with Dangerous Type vulnerability in Mediajedi User Private Files
The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files to the server, which may lead to malicious code being uploaded.
RISK: 8.8 (network; low complexity; mediajedi; CWE-434)