Lucene search
K

151 matches found

NVD
NVD
added 2024/10/16 7:15 a.m.13 views

CVE-2024-8507

The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. This is due to missing or incorrect nonce validation on the 'mkfilefoldermanager' ajax action. This makes it possible for unauthenticated attackers to upload arbitrar...

8.8CVSS0.00229EPSS
Exploits0References2
NVD
NVD
added 2024/10/16 7:15 a.m.16 views

CVE-2024-8918

The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. This is due to a lack of proper checks on allowed file types. This makes it possible for unauthenticated attackers, with permissions granted by an administrator, ...

7.4CVSS0.00314EPSS
Exploits0References2
NVD
NVD
added 2024/10/16 7:15 a.m.16 views

CVE-2024-8746

The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mkfilefoldermanagershortcode' ajax action in all versions up to, and including, 8.3.9. This makes it possible for unauthenticated attackers, if grant...

8.8CVSS0.00594EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/16 6:43 a.m.14 views

CVE-2024-8507 File Manager Pro <= 8.3.9 - Cross-Site Request Forgery to Arbitrary File Upload

The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. This is due to missing or incorrect nonce validation on the 'mkfilefoldermanager' ajax action. This makes it possible for unauthenticated attackers to upload arbitrar...

8.8CVSS0.00229EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/16 6:43 a.m.14 views

CVE-2024-8507 File Manager Pro <= 8.3.9 - Cross-Site Request Forgery to Arbitrary File Upload

The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. This is due to missing or incorrect nonce validation on the 'mkfilefoldermanager' ajax action. This makes it possible for unauthenticated attackers to upload arbitrar...

8.8CVSS6.7AI score0.00229EPSS
Exploits0References2
CVE
CVE
added 2024/10/16 6:43 a.m.56 views

CVE-2024-8746

CVE-2024-8746 affects the WordPress plugin File Manager Pro (versions ≤ 8.3.9). The vulnerability stems from missing file type validation in the mk_file_folder_manager_shortcode AJAX action, allowing unauthenticated attackers (if granted admin-approval) to download and upload arbitrary backup fil...

8.8CVSS8.6AI score0.00594EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/10/16 6:43 a.m.16 views

CVE-2024-8746 File Manager Pro <= 8.3.9 - Unauthenticated Backup File Download and Upload

The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mkfilefoldermanagershortcode' ajax action in all versions up to, and including, 8.3.9. This makes it possible for unauthenticated attackers, if grant...

7.5CVSS0.00594EPSS
Exploits0References2
CVE
CVE
added 2024/10/16 6:43 a.m.62 views

CVE-2024-8918

CVE-2024-8918 affects the File Manager Pro WordPress plugin up to version 8.3.9. Root cause: insufficient checks on allowed file types permit unauthenticated attackers (with admin-granted permissions) to upload .css/.js files, enabling Stored Cross-Site Scripting. Impact: potential data/website s...

7.4CVSS6.1AI score0.00314EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/16 6:43 a.m.12 views

CVE-2024-8918 File Manager Pro <= 8.3.9 - Unauthenticated Limited JavaScript File Upload

The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. This is due to a lack of proper checks on allowed file types. This makes it possible for unauthenticated attackers, with permissions granted by an administrator, ...

7.4CVSS6.7AI score0.00314EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/16 6:43 a.m.17 views

CVE-2024-8918 File Manager Pro <= 8.3.9 - Unauthenticated Limited JavaScript File Upload

The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. This is due to a lack of proper checks on allowed file types. This makes it possible for unauthenticated attackers, with permissions granted by an administrator, ...

7.4CVSS0.00314EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/16 12:0 a.m.2 views

WordPress plugin File Manager Pro 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

7.4CVSS6.9AI score0.00314EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/16 12:0 a.m.4 views

WordPress plugin File Manager Pro 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

8.8CVSS6.9AI score0.00594EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/10/16 12:0 a.m.3 views

WordPress plugin File Manager Pro 请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS6.6AI score0.00229EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/10/15 9:22 p.m.5 views

WordPress File Manager Pro plugin <= 8.3.9 - Unauthenticated Limited JavaScript File Upload vulnerability

Unauthenticated Limited JavaScript File Upload vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin File Manager Pro versions = 8.3.9...

7.4CVSS7AI score0.00314EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/15 8:39 p.m.4 views

WordPress File Manager Pro plugin <= 8.3.9 - Unauthenticated Backup File Download and Upload vulnerability

Unauthenticated Backup File Download and Upload vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin File Manager Pro versions = 8.3.9...

8.8CVSS7AI score0.00594EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/15 8:34 p.m.4 views

WordPress File Manager Pro plugin <= 8.3.9 - Cross-Site Request Forgery to Arbitrary File Upload vulnerability

Cross-Site Request Forgery to Arbitrary File Upload vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin File Manager Pro versions = 8.3.9...

8.8CVSS7AI score0.00229EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/15 12:0 a.m.19 views

WordPress File Manager Pro Plugin <= 8.3.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software File Manager Pro Type Plugin Vulnerable versions = 8.3.9 Fixed in 8.3.10 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-8507 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID caf0adb29b86 Credits TANG Cheuk Hei...

8.8CVSS8.8AI score0.00229EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/15 12:0 a.m.16 views

WordPress File Manager Pro Plugin <= 8.3.9 is vulnerable to Arbitrary File Upload

Software File Manager Pro Type Plugin Vulnerable versions = 8.3.9 Fixed in 8.3.10 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-8918 Patch priority High CVSS severity High 7.4 Developer Claim ownership PSID 8b2de26c1b42 Credits TANG Cheuk Hei siunam Required privile...

7.4CVSS7.2AI score0.00314EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/15 12:0 a.m.5 views

PT-2024-39319 · WordPress · File Manager Pro

Name of the Vulnerable Software and Affected Versions: File Manager Pro plugin for WordPress versions up to, and including, 8.3.9 Description: The issue is due to a lack of proper checks on allowed file types, making it possible for unauthenticated attackers, with permissions granted by an...

7.4CVSS6.8AI score0.00314EPSS
Exploits0References6
Patchstack
Patchstack
added 2024/10/15 12:0 a.m.12 views

WordPress File Manager Pro Plugin <= 8.3.9 is vulnerable to Broken Access Control

Software File Manager Pro Type Plugin Vulnerable versions = 8.3.9 Fixed in 8.3.10 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8746 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 037debfe30cc Credits TANG Cheuk Hei siunam...

8.8CVSS6.8AI score0.00594EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder