cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11010,https://securityvulnerability.io/vulnerability/CVE-2024-11010,Arbitrary File Inclusion Vulnerability in FileOrganizer Plugin,"The FileOrganizer – Manage WordPress and Website Files plugin contains a vulnerability that allows local JavaScript file inclusion through the 'default_lang' parameter. Authenticated users with Administrator-level access can exploit this flaw to include and execute arbitrary JavaScript files on the server. This exploitation can lead to unauthorized code execution, data breaches, and bypassing of access controls, especially when combined with attack vectors that permit uploading seemingly safe file types, such as images.",Wordpress,Fileorganizer – Manage WordPress And Website Files,7.2,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-12-07T09:27:05.743Z,0
CVE-2024-7985,https://securityvulnerability.io/vulnerability/CVE-2024-7985,Arbitrary File Upload Vulnerability in FileOrganizer Plugin for WordPress,"The FileOrganizer plugin for WordPress, versions up to and including 1.0.9, has a vulnerability due to inadequate file type validation in the 'fileorganizer_ajax_handler' function. This flaw enables authenticated users, particularly those with Subscriber-level permissions and above, to upload arbitrary files to the server. Should the FileOrganizer Pro plugin be active, these users can exploit this weakness, potentially leading to unauthorized remote code execution on the affected site.",Wordpress,Fileorganizer,8.8,HIGH,0.0006399999838322401,false,,false,false,false,,false,false,2024-10-29T16:15:00.000Z,0
CVE-2024-5599,https://securityvulnerability.io/vulnerability/CVE-2024-5599,Sensitive Information Exposure Vulnerability Affects FileOrganizer Plugin,"The FileOrganizer plugin for WordPress has a vulnerability that allows unauthenticated attackers to access sensitive data, such as backups or other important files. This exposure arises from the 'fileorganizer_ajax_handler' function, which does not adequately protect files moved to the built-in Trash folder. Consequently, if files containing sensitive information are not properly secured, they may be retrieved by malicious actors, leading to potential data breaches.",Wordpress,Fileorganizer – Manage WordPress And Website Files,7.5,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-07T12:33:43.953Z,0
CVE-2024-2324,https://securityvulnerability.io/vulnerability/CVE-2024-2324,Stored Cross-Site Scripting Vulnerability in FileOrganizer Plugin,"The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. For the free version, this is limited to administrators. The pro version is also vulnerable and exploitable by administrators, but also offers the functionality to lower level users (as low as subscribers) if enabled.",Wordpress,Fileorganizer – Manage WordPress And Website Files,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:55.087Z,0
CVE-2023-3664,https://securityvulnerability.io/vulnerability/CVE-2023-3664,FileOrganizer <= 1.0.2 - Admin+ Arbitrary File Access,"The FileOrganizer plugin for WordPress, specifically versions up to 1.0.2, is affected by a significant security vulnerability that allows site administrators on multisite installations to exploit the lack of access restrictions. This flaw could enable unauthorized individuals to gain extensive control over the server, raising concerns about data integrity and confidentiality. Administrators should investigate and apply the necessary updates to mitigate potential risks.",Wordpress,Fileorganizer,7.2,HIGH,0.0008900000248104334,false,,false,false,false,,false,false,2023-09-25T16:15:00.000Z,0