CVE-2024-43230: 
WordPress vulnerability analysis and mitigation

A sensitive data exposure vulnerability was discovered in the WordPress Shared Files – Premium Download Manager & Secure File Sharing with Frontend File Upload plugin, affecting versions up to 1.7.28. The vulnerability was reported on July 29, 2024, by Abdi Pranata and published by Patchstack on August 9, 2024. This security issue allows unauthorized actors to access sensitive information that should not be available to regular users (Patchstack Advisory).

The vulnerability has been assigned CVE-2024-43230 and is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). It received a CVSS v3.1 base score of 7.5 (HIGH) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, while Patchstack assigned a CVSS score of 5.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (NVD).

The vulnerability could allow malicious actors to view sensitive information that is normally not accessible to regular users. This exposed information could potentially be leveraged to exploit other weaknesses in the system (Patchstack Advisory).

The vulnerability has been fixed in version 1.7.29 of the plugin. Users are advised to update to version 1.7.29 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins as an additional security measure (Patchstack Advisory).