Shared Files Plugin Vulnerability - CVE-2025-4392

If you are using the Shared Files – Frontend File Upload Form & Secure File Sharing plugin <= 1.7.48, now is the right time to get that update on your website.

The new vulnerability was published on June 2, 2025, and the plugin was last patched a day after.

The CVSS score is pretty high, 7.2, so it's advised that you update the plugin immediately.

Due to improper file upload sanitization, unauthenticated attackers can bypass the file upload protection and freely upload files to your server.

The patched version is 1.7.49. More vulnerability info at CVE.

Need help? Feel free to reach out or check my services.