PeepSo Core File Uploads Insecure Direct Object Reference Vulnerability Allowing Unauthenticated Sensitive Information Exposure

Vulnerability

A vulnerability exists in the PeepSo Core: File Uploads plugin for WordPress, in all versions through 6.4.6.0. The issue is an Insecure Direct Object Reference (IDOR) that allows unauthenticated attackers to access files uploaded by other users through the file_download REST API endpoint. This vulnerability arises from inadequate validation of user-controlled keys, potentially leading to the exposure of sensitive information.
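The flaw class described above, shown as an added illustration that is not PeepSo's code and is not taken from the plugin: a model download handler that trusts a client-supplied file key, beside one that authenticates the caller and authorizes the key against the stored record. The store, user IDs, sharing field and all function names are constructed assumptions for this example.

```python
# Added illustration: a model of a file-download handler, not PeepSo's code.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Upload:
    owner_id: int
    content: bytes
    shared_with: frozenset = frozenset()  # assumed sharing model, hypothetical


# Constructed sample store: client-visible file key -> upload record.
UPLOADS = {
    101: Upload(owner_id=1, content=b"alice-private"),
    102: Upload(owner_id=2, content=b"bob-private", shared_with=frozenset({1})),
}


def may_read(upload: Upload, user: Optional[int]) -> bool:
    """Object-level rule: only the owner or an explicit share target may read."""
    return user is not None and (user == upload.owner_id or user in upload.shared_with)


def download_unchecked(file_key: int, user: Optional[int] = None):
    """Flawed pattern: the client-supplied key alone selects the file."""
    upload = UPLOADS.get(file_key)
    return (404, b"") if upload is None else (200, upload.content)


def download_checked(file_key: int, user: Optional[int] = None):
    """Hardened pattern: authenticate first, then authorize against the record."""
    if user is None:
        return 401, b""
    upload = UPLOADS.get(file_key)
    # Same 404 for "missing" and "not yours", so responses do not confirm valid keys.
    if upload is None or not may_read(upload, user):
        return 404, b""
    return 200, upload.content


def exposed_keys(handler, user: Optional[int] = None) -> list:
    """Regression check: keys the handler serves to a caller who is not entitled."""
    return [key for key, upload in UPLOADS.items()
            if handler(key, user)[0] == 200 and not may_read(upload, user)]
```

Running `exposed_keys` against a handler for an anonymous caller and for each non-owner account gives a regression check that should return an empty list once the object-level check is in place.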

Impact

Exploitation of this vulnerability could result in unauthorized access to files uploaded by other users, potentially exposing sensitive information.

Remediation

Users can update to version 6.4.6.1 or a newer patched version to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.