Share
## https://sploitus.com/exploit?id=WPEX-ID:C17F2534-D791-4FE3-B45B-875777585DC6
1. Create a private folder that contains a file that you intend keep secret.
2. Add the plugin shortcode `[upf_manager]` to a post.
3. Access a file that you have access to and intercept the request.
4. Manipulate the `doc_id` to contain the number of of a file that you want to access (this will be random), for example: `doc_5712`
5. See that the response discloses the file when the user doesn't have access to it: `{"doc_ttl":"secret-image.jpg","doc_src":"https:\/\/example.com\/wp-content\/uploads\/upf-docs\/usr1_1694106985_secret-image.jpg","doc_desc":"","file_type":"img","cmnts_html":"","author":"admin@example.com"}`
6. The file can then be directly downloaded.

Note: The `fldr_id` can also be manipulated.