[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHf1iLldkujMt-uKSfuzXD7kX1kisOmJb2t7n6ygUx-g":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":30,"research_verified":31,"research_rounds_completed":32,"research_plan":33,"research_summary":9,"research_vulnerable_code":9,"research_fix_diff":9,"research_exploit_outline":9,"research_model_used":34,"research_started_at":35,"research_completed_at":36,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":31,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":31,"source_links":37},"CVE-2026-49112","shared-files-frontend-file-upload-form-secure-file-sharing-unauthenticated-path-traversal","Shared Files – Frontend File Upload Form & Secure File Sharing \u003C= 1.7.64 - Unauthenticated Path Traversal","The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.64. This makes it possible for unauthenticated attackers to perform actions on files outside of the originally intended directory.","shared-files",null,"\u003C=1.7.64","1.7.65","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","2026-06-05 00:00:00","2026-06-10 17:23:37",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe3e99032-2e71-45bd-99a6-ad0a93c39bc0?source=api-prod",6,[22,23,24,25,26,27,28,29],"README.txt","admin\u002Fclass-sf-admin-allow-more-file-types.php","admin\u002Fclass-sf-admin-contacts.php","admin\u002Fclass-sf-admin-download-log.php","admin\u002Fclass-sf-admin-file-handling.php","admin\u002Fclass-sf-admin-help-support.php","admin\u002Fclass-sf-admin-helpers.php","admin\u002Fclass-sf-admin-list.php","researched",false,3,"# Vulnerability Research Plan: CVE-2026-49112 Unauthenticated Path Traversal\n\n## 1. Vulnerability Summary\nThe **Shared Files – Frontend File Upload Form & Secure File Sharing** plugin (\u003C= 1.7.64) contains an unauthenticated path traversal vulnerability. The vulnerability exists in the handling of the `subdir` parameter during frontend file operations (specifically the file upload process). Unauthenticated users can manipulate this parameter using traversal sequences (e.g., `..\u002F..\u002F`) to cause the plugin to perform file actions (like saving an uploaded file) outside of the intended `\u002Fwp-content\u002Fuploads\u002Fshared-files\u002F` directory.\n\n## 2. Attack Vector Analysis\n- **Endpoint**: `wp-admin\u002Fadmin-ajax.php`\n- **Action**: `shared_files_upload_file` (Unauthenticated AJAX action)\n- **Vulnerable Parameter**: `subdir`\n- **Authentication**: Unauthenticated (accessible via `wp_ajax_nopriv_shared_files_upload_file`)\n- **Preconditions**: The \"Allow visitors to upload files without logging in\" setting must be enabled, or the `[shared_files file_upload=1]` shortcode must be present on a public page.\n\n## 3. Code Flow\n1. **Entry Point**: A user submits a file via the frontend uploader. This triggers a `POST` request to `admin-ajax.php` with the action `shared_files_upload_file`.\n2. **Path Construction**: The plugin calls `","gemini-3-flash-preview","2026-06-26 04:29:58","2026-06-26 04:30:52",{"type":38,"vulnerable_version":39,"fixed_version":11,"vulnerable_browse":40,"vulnerable_zip":41,"fixed_browse":42,"fixed_zip":43,"all_tags":44},"plugin","1.7.64","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fshared-files\u002Ftags\u002F1.7.64","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshared-files.1.7.64.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fshared-files\u002Ftags\u002F1.7.65","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshared-files.1.7.65.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fshared-files\u002Ftags"]