PT-2023-30719 · WordPress · Shared Files

Zeyad Alshahrani · Published 2023-10-16 · Updated 2023-10-20 · CVE-2023-4819

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

The Shared Files WordPress plugin versions prior to 1.7.6

Description

The issue arises from the plugin not returning the correct Content-Type header for uploaded files, allowing an attacker to upload files with allowed extensions that contain malicious scripts.

Recommendations

For versions prior to 1.7.6, update to version 1.7.6 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to trusted users or disabling the file upload feature until the update is applied.
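
An added example, not code from the plugin or from this advisory: a Python check a site owner can run over response headers captured from their own shared-file downloads after updating, to confirm each file is served with the Content-Type its extension implies. The extension map, the nosniff and attachment checks, the function name and the sample responses are assumptions constructed for illustration.

```python
import os

# Assumed sample of allowed extensions and their correct types (not the plugin's list).
EXPECTED = {".pdf": "application/pdf", ".jpg": "image/jpeg",
            ".png": "image/png", ".txt": "text/plain"}
# Types a browser renders as active content when displayed inline.
ACTIVE = {"text/html", "application/xhtml+xml", "image/svg+xml",
          "text/xml", "application/xml"}

def audit_download(filename, headers):
    """Return findings for one download response (headers given as a dict)."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    served = h.get("content-type", "").split(";")[0].strip().lower()
    expected = EXPECTED.get(os.path.splitext(filename)[1].lower())
    attachment = h.get("content-disposition", "").lower().startswith("attachment")
    findings = []
    if not served:
        findings.append("missing Content-Type, browser will sniff the body")
    elif expected and served != expected:
        findings.append(f"Content-Type {served} does not match extension ({expected})")
    if served in ACTIVE and not attachment:
        findings.append(f"{served} is rendered inline and can run script")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("no X-Content-Type-Options: nosniff")
    return findings

# Constructed sample responses, not captured from a real site.
SAMPLES = [
    ("notes.pdf", {"Content-Type": "text/html; charset=UTF-8"}),
    ("notes.pdf", {"Content-Type": "application/pdf",
                   "X-Content-Type-Options": "nosniff",
                   "Content-Disposition": 'attachment; filename="notes.pdf"'}),
    ("photo.png", {}),
]

if __name__ == "__main__":
    for name, hdrs in SAMPLES:
        print(name, audit_download(name, hdrs) or "ok")
```

An empty result means the response declares the expected type, disables sniffing, and would not be rendered as active content.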

Exploit

Fix

Related Identifiers

CVE-2023-4819

Affected Products

Shared Files