cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11010,https://securityvulnerability.io/vulnerability/CVE-2024-11010,Arbitrary File Inclusion Vulnerability in FileOrganizer Plugin,"The FileOrganizer – Manage WordPress and Website Files plugin contains a vulnerability that allows local JavaScript file inclusion through the 'default_lang' parameter. Authenticated users with Administrator-level access can exploit this flaw to include and execute arbitrary JavaScript files on the server. This exploitation can lead to unauthorized code execution, data breaches, and bypassing of access controls, especially when combined with attack vectors that permit uploading seemingly safe file types, such as images.",Wordpress,Fileorganizer – Manage WordPress And Website Files,7.2,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-12-07T09:27:05.743Z,0
CVE-2024-5599,https://securityvulnerability.io/vulnerability/CVE-2024-5599,Sensitive Information Exposure Vulnerability Affects FileOrganizer Plugin,"The FileOrganizer plugin for WordPress has a vulnerability that allows unauthenticated attackers to access sensitive data, such as backups or other important files. This exposure arises from the 'fileorganizer_ajax_handler' function, which does not adequately protect files moved to the built-in Trash folder. Consequently, if files containing sensitive information are not properly secured, they may be retrieved by malicious actors, leading to potential data breaches.",Wordpress,Fileorganizer – Manage WordPress And Website Files,7.5,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-07T12:33:43.953Z,0
CVE-2024-2324,https://securityvulnerability.io/vulnerability/CVE-2024-2324,Stored Cross-Site Scripting Vulnerability in FileOrganizer Plugin,"The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. For the free version, this is limited to administrators. The pro version is also vulnerable and exploitable by administrators, but also offers the functionality to lower level users (as low as subscribers) if enabled.",Wordpress,Fileorganizer – Manage WordPress And Website Files,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:55.087Z,0