Description
ProjectSend version r1295 is affected by sensitive information disclosure. Because authorization is not checked for the ids parameter in files-edit.php and the id parameter in the process.php function, a user with the uploader role can download and edit all files of users in the application.
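An added example, not taken from the advisory or from ProjectSend's code, of the per-id ownership check whose absence is described above. The comma-separated ids format, the FILE_OWNERS map, the function names and the policy that an uploader may act only on files they own are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: file id => owning user id (hypothetical schema).
const FILE_OWNERS = [101 => 7, 102 => 7, 201 => 9];

/**
 * Parse a comma-separated "ids" request value into strict positive integers.
 * Anything that is not a plain decimal id rejects the whole request.
 */
function parseIds(string $raw): array
{
    $ids = [];
    foreach (explode(',', $raw) as $part) {
        $part = trim($part);
        if (!ctype_digit($part)) {
            throw new InvalidArgumentException('malformed id list');
        }
        $ids[] = (int) $part;
    }
    return array_values(array_unique($ids));
}

/**
 * Server-side check applied to every requested id before edit or download.
 * Assumed policy: uploaders act only on files they own; other roles are
 * out of scope here and denied by default.
 */
function authorizeFileIds(array $user, array $ids, array $owners): array
{
    foreach ($ids as $id) {
        $owner = $owners[$id] ?? null;
        // Same answer for "missing" and "not yours" so ids cannot be enumerated.
        if ($owner === null || $user['role'] !== 'uploader' || $owner !== $user['id']) {
            throw new RuntimeException('file not found');
        }
    }
    return $ids;
}

// Constructed requests from uploader 7: own files, a mixed list, a malformed list.
$uploader = ['id' => 7, 'role' => 'uploader'];
foreach (['101,102', '101,201', '101,abc'] as $raw) {
    try {
        $ok = authorizeFileIds($uploader, parseIds($raw), FILE_OWNERS);
        echo "$raw => allowed: " . implode(',', $ok) . PHP_EOL;
    } catch (Exception $e) {
        echo "$raw => denied ({$e->getMessage()})" . PHP_EOL;
    }
}
```

The whole request is rejected when any single id fails the check, so a list that mixes owned and foreign ids cannot be partially processed.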
Remediation
References