CVE-2024-8988 – PeepSo Core: File Uploads Plugin WordPress Insecure Direct Object Reference

May 14, 2025

CVE ID : CVE-2024-8988

Published : May 14, 2025, 9:15 a.m. | 2 hours, 52 minutes ago

Description : The PeepSo Core: File Uploads plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.6.0 via the file_download REST API endpoint due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to download files uploaded by others users and expose potentially sensitive information.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2875 – Apache Controller Resource Disclosure Vulnerability

Next Article CVE-2024-13940 – Ninja Forms Webhooks SSRF Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

This $4 Steam Deck game includes the most-played classics from my childhood — and it will save you paper

Microsoft shares rare look at radical Windows 11 Start menu designs it explored before settling on the least interesting one of the bunch

NVIDIA’s new GPU driver adds DOOM: The Dark Ages support and improves DLSS in Microsoft Flight Simulator 2024

How to install and use Ollama to run AI LLMs on your Windows 11 PC

Community News: Latest PECL Releases (05.13.2025)

Community News: Latest PECL Releases (05.13.2025)

How We Use Epic Branches. Without Breaking Our Flow.

I think the ergonomics of generators is growing on me.

This $4 Steam Deck game includes the most-played classics from my childhood — and it will save you paper

This $4 Steam Deck game includes the most-played classics from my childhood — and it will save you paper

Microsoft shares rare look at radical Windows 11 Start menu designs it explored before settling on the least interesting one of the bunch

NVIDIA’s new GPU driver adds DOOM: The Dark Ages support and improves DLSS in Microsoft Flight Simulator 2024

CVE-2024-8988 – PeepSo Core: File Uploads Plugin WordPress Insecure Direct Object Reference

CVE-2024-13940 – Ninja Forms Webhooks SSRF Vulnerability

CVE-2025-2875 – Apache Controller Resource Disclosure Vulnerability

Meet LocAgent: Graph-Based AI Agents Transforming Code Localization for Scalable Software Maintenance

Internal vs External Penetration Testing: Key Differences

The best MacBooks of 2025: Expert tested and reviewed

Asserting a JSON Response Structure in Laravel

CVE-2025-47767 – Adobe Flash Unvalidated User Input

CVE-2025-1333 – IBM MQ Container Keycloak Information Disclosure

Critical Windows Update Stack Vulnerability Allows Code Execution & Privilege Escalation

CVE-2025-45779 – Tenda AC10 Unauthenticated Buffer Overflow

CVE-2024-8988 – PeepSo Core: File Uploads Plugin WordPress Insecure Direct Object Reference

Related Posts