CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2025/01/17 12:0 a.m.•4 views

WordPress plugin Advanced File Manager 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

7.5CVSS8.4AI score0.00879EPSS

Patchstack•added 2025/01/16 7:31 p.m.•3 views

WordPress Advanced File Manager plugin 5.2.12-5.2.13 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Advanced File Manager versions 5.2.12-5.2.13...

7.5CVSS7AI score0.00879EPSS

OSV•added 2024/12/03 3:15 p.m.•2 views

CVE-2024-11391

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'classfmaconnector.php' file in all versions up to, and including, 5.2.10. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

7.5CVSS7.9AI score0.00681EPSS

Exploits0References2

Patchstack•added 2024/12/03 1:26 a.m.•3 views

WordPress Advanced File Manager plugin <= 5.2.10 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Joshua Provoste in WordPress Plugin Advanced File Manager versions = 5.2.10...

7.5CVSS7AI score0.00681EPSS

Positive Technologies•added 2024/12/03 12:0 a.m.•5 views

PT-2024-16954 · WordPress · Advanced File Manager

Name of the Vulnerable Software and Affected Versions: Advanced File Manager plugin for WordPress versions up to and including 5.2.10 Description: The issue arises from missing file type validation via the 'class fma connector.php' file, allowing authenticated attackers with Subscriber-level acce...

7.5CVSS8.2AI score0.00681EPSS

Exploits0References8

CNNVD•added 2024/12/03 12:0 a.m.•7 views

WordPress plugin Advanced File Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...

7.5CVSS8.4AI score0.00681EPSS

Exploits0References2

OSV•added 2024/09/26 11:15 a.m.•1 views

CVE-2024-8126

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'classfmaconnector.php' file in all versions up to, and including, 5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an...

8.8CVSS6.4AI score0.0092EPSS

OSV•added 2024/09/26 11:15 a.m.•1 views

CVE-2024-8704

The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the 'fmalocale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrar...

7.2CVSS6.3AI score

NVD•added 2024/09/26 11:15 a.m.•16 views

CVE-2024-8126

8.8CVSS0.0092EPSS

Cvelist•added 2024/09/26 10:59 a.m.•22 views

CVE-2024-8725 Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Limited File Upload

Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. This is due to a lack of proper checks to ensure lower-privileged roles cannot upload .css and .js files to arbitrary directories. This makes it possible for authenticated attackers, with...

6.8CVSS0.00352EPSS

Vulnrichment•added 2024/09/26 10:59 a.m.•23 views

CVE-2024-8725 Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Limited File Upload

6.8CVSS6.5AI score0.00352EPSS

CVE•added 2024/09/26 10:59 a.m.•57 views

CVE-2024-8725

CVE-2024-8725 affects the WordPress plugin Advanced File Manager (

6.8CVSS6AI score0.00352EPSS

Exploits0References4Affected Software1

Patchstack•added 2024/09/26 1:44 a.m.•5 views

WordPress Advanced File Manager plugin <= 5.2.8 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Advanced File Manager versions = 5.2.8...

8.8CVSS7AI score0.0092EPSS

Patchstack•added 2024/09/26 1:26 a.m.•4 views

WordPress Advanced File Manager plugin <= 5.2.8 - Authenticated (Subscriber+) Limited File Upload vulnerability

Authenticated Subscriber+ Limited File Upload vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Advanced File Manager versions = 5.2.8...

6.8CVSS7AI score0.00352EPSS

Positive Technologies•added 2024/09/26 12:0 a.m.•4 views

PT-2024-39184 · WordPress · Advanced File Manager

Name of the Vulnerable Software and Affected Versions: Advanced File Manager plugin for WordPress versions up to, and including, 5.2.8 Description: The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion via the fma locale parameter. This allows authenticat...

7.2CVSS7.7AI score0.00855EPSS

Exploits0References11

CNNVD•added 2024/09/26 12:0 a.m.•3 views

WordPress plugin Advanced File Manager 代码问题漏洞

8.8CVSS6.9AI score0.0092EPSS

CNNVD•added 2024/09/26 12:0 a.m.•4 views

WordPress plugin Advanced File Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.2CVSS6.8AI score0.00855EPSS