{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4392", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-05-06T19:59:49.277Z", "datePublished": "2025-06-03T09:22:03.896Z", "dateUpdated": "2026-04-08T16:49:52.331Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:49:52.331Z"}, "affected": [{"vendor": "anssilaitila", "product": "Shared Files \u2013 Frontend File Upload Form & Secure File Sharing", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.7.48", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Shared Files \u2013 Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via html File uploads in all versions up to, and including, 1.7.48 due to insufficient input sanitization and output escaping within the sanitize_file() function. This makes it possible for unauthenticated attackers to bypass the plugin\u2019s MIME-only checks and inject arbitrary web scripts in pages that will execute whenever a user accesses the html file."}], "title": "Shared Files <= 1.7.48 - Unauthenticated Stored Cross-Site Scripting via sanitize_file Function", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/469a9c8a-0708-4c93-99d8-e9157a1f91f5?source=cve"}, {"url": "https://github.com/anssilaitila/shared-files/blob/master/admin/class-sf-admin-allow-more-file-types.php"}, {"url": "https://wordpress.org/plugins/shared-files/#developers"}, {"url": "https://plugins.trac.wordpress.org/changeset/3304053/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Martin Martin"}], "timeline": [{"time": "2025-06-02T21:07:01.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-03T13:53:28.990093Z", "id": "CVE-2025-4392", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-03T13:53:45.351Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4392", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-03T13:53:28.990093Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-03T13:53:39.769Z"}}], "cna": {"title": "Shared Files <= 1.7.48 - Unauthenticated Stored Cross-Site Scripting via sanitize_file Function", "credits": [{"lang": "en", "type": "finder", "value": "Martin Martin"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "anssilaitila", "product": "Shared Files \u2013 Frontend File Upload Form & Secure File Sharing", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.7.48"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-06-02T21:07:01.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/469a9c8a-0708-4c93-99d8-e9157a1f91f5?source=cve"}, {"url": "https://github.com/anssilaitila/shared-files/blob/master/admin/class-sf-admin-allow-more-file-types.php"}, {"url": "https://wordpress.org/plugins/shared-files/#developers"}, {"url": "https://plugins.trac.wordpress.org/changeset/3304053/"}], "descriptions": [{"lang": "en", "value": "The Shared Files \u2013 Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via html File uploads in all versions up to, and including, 1.7.48 due to insufficient input sanitization and output escaping within the sanitize_file() function. This makes it possible for unauthenticated attackers to bypass the plugin\u2019s MIME-only checks and inject arbitrary web scripts in pages that will execute whenever a user accesses the html file."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-06-03T09:22:03.896Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4392", "state": "PUBLISHED", "dateUpdated": "2025-06-03T13:53:45.351Z", "dateReserved": "2025-05-06T19:59:49.277Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-06-03T09:22:03.896Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Shared Files \u2013 Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via html File uploads in all versions up to, and including, 1.7.48 due to insufficient input sanitization and output escaping within the sanitize_file() function. This makes it possible for unauthenticated attackers to bypass the plugin\u2019s MIME-only checks and inject arbitrary web scripts in pages that will execute whenever a user accesses the html file."}, {"lang": "es", "value": "El complemento Shared Files \u2013 Frontend File Upload Form &amp; Secure File Sharing para WordPress es vulnerable a Cross-Site Scripting Almacenado al subir archivos HTML en todas las versiones hasta la 1.7.48 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida dentro de la funci\u00f3n sanitize_file(). Esto permite a atacantes no autenticados eludir las comprobaciones de solo MIME del complemento e inyectar scripts web arbitrarios en las p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario al archivo HTML."}], "id": "CVE-2025-4392", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-06-03T10:15:22.397", "references": [{"source": "security@wordfence.com", "url": "https://github.com/anssilaitila/shared-files/blob/master/admin/class-sf-admin-allow-more-file-types.php"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3304053/"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/shared-files/#developers"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/469a9c8a-0708-4c93-99d8-e9157a1f91f5?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T01:26:54.999843+00:00", "value": {"mitigation_remediation": ["Update the Shared Files plugin to a version newer than 1.7.48", "If a new version is not yet available, disable the file\u2011upload feature or uninstall the plugin entirely", "Configure a web application firewall to block or escape HTML content in uploaded files and strip out script tags", "Check the site\u2019s uploads directory for malicious HTML files and delete any that have been found"], "summary": {"action": "Immediate Patch", "impact": "Stored XSS that allows arbitrary script execution in users\u2019 browsers"}, "threat_synthesis": {"affected_systems": "All WordPress sites that have installed anssilaitila:Shared Files \u2013 Frontend File Upload Form & Secure File Sharing plugin version 1.7.48 or earlier are vulnerable. The flaw exists in every version up to and including 1.7.48, regardless of configuration, because the sanitize_file() function fails to encode or escape HTML contents before saving the file.", "description_and_impact": "The Shared Files \u2013 Frontend File Upload Form & Secure File Sharing WordPress plugin accepts HTML file uploads without properly sanitizing user content before storing or serving the file. As a result, an attacker can upload a maliciously crafted HTML file that contains executable scripts. When any visitor opens the file, the embedded script runs in their browser, creating a classic stored Cross\u2011Site Scripting attack. This can lead to session hijacking, credential theft, defacement of the site, or delivery of more sophisticated malware payloads.", "risk_and_exploitability": "The CVSS score of 7.2 reflects a high severity from a technical standpoint, while the EPSS score of less than 1% indicates that the likelihood of exploitation is currently low. The vulnerability is not documented in the CISA KEV catalog, so no widespread exploitation has been reported. An attacker needs only unauthenticated access to the public upload form to create a malicious HTML file; any subsequent visitor to that file will trigger the stored XSS. The lack of authentication requirement and the ubiquitous nature of the upload feature make the attack vector simple and the impact potentially widespread across the site\u2019s audience."}}}}, "created": "2026-04-22T01:30:05.236970+00:00", "updated": "2026-04-22T01:30:05.236980+00:00", "vendors": []}