XSS Vulnerability in Shared Files Plugin for WordPress
CVE-2025-4392
7.2HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 3 June 2025
What is CVE-2025-4392?
The Shared Files – Frontend File Upload Form & Secure File Sharing plugin is prone to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping during html file uploads. This vulnerability allows unauthenticated attackers to circumvent the plugin's MIME-type checks, enabling them to inject malicious web scripts. These scripts can execute when users access the compromised html files, potentially leading to further attacks and exploitation of the website.
Affected Version(s)
Shared Files – Frontend File Upload Form & Secure File Sharing * <= 1.7.48