Shared Files < 1.7.29 – Unauthenticated Sensitive Information Exposure | CVE 2024-43230 | Plugin Vulnerabilities

Description

The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.28 via the export functionality and lack of protected directory. This makes it possible for unauthenticated attackers to extract sensitive data information from export files generated by the plugin.

Affects Plugins

Fixed in 1.7.29

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/e4ae2b7d-e48d-4880-9202-6e564a3b404f

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Abdi Pranata

Verified

No

WPVDB ID

74e8724d-91fa-4517-ac84-c800fd601047

Timeline

Publicly Published

2024-08-09 (about 1 year ago)

Added

2024-08-13 (about 1 year ago)

Last Updated

2024-08-13 (about 1 year ago)

Other

Published

Title

Published

2025-08-14

Title

Awesome Support < 6.3.7 - Information Exposure

Published

2023-06-26

Title

EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor < 3.8.0 - Sensitive Data Disclosure

Published

2025-12-31

Title

Gerencianet Oficial <= 3.1.3 - Unauthenticated Information Exposure

Published

2024-02-26

Title

Tainacan < 0.20.7 - Unauthenticated Sensitive Information Exposure

Published

2024-08-14

Title

Newsletters < 4.9.9.1 - Unauthenticated Full Path Disclosure