CVE-2024-0761 File Manager <= 7.2.1 - Sensitive Information Exposure via Backup Filenames
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers to extract...
CVE-2024-0761
CVE-2024-0761 affects the WordPress File Manager plugin. Affected versions include all up to 7.2.1, with a root cause of insufficient randomness in backup filenames (timestamp + 4 random digits). This enables unauthenticated attackers to disclose sensitive data, such as site backups, particularly...
PT-2024-15110 · WordPress · File Manager Pro
Name of the Vulnerable Software and Affected Versions: File Manager Pro plugin for WordPress versions up to, and including, 8.3.4 Description: The issue allows authenticated attackers, with subscriber access and above, to execute code on the server via the mk check filemanager php syntax AJAX...
WordPress Plugin File Manager Pro Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress plugin File Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2025-2386 · IBM · IBM Planning Analytics
Name of the Vulnerable Software and Affected Versions: IBM Planning Analytics versions 2.0 through 2.1 Description: The issue concerns a malicious file upload weakness due to the lack of file type validation in the File Manager T1 process. This allows attackers to upload malicious executable file...
CVE-2023-48202
Cross-Site Scripting (XSS) vulnerability in Sunlight CMS 8.0.1 allows an authenticated low-privileged user to escalate privileges via a crafted SVG file in the File Manager component...
Cross-site scripting
Cross-Site Scripting (XSS) vulnerability in Sunlight CMS 8.0.1 allows an authenticated low-privileged user to escalate privileges via a crafted SVG file in the File Manager component...
Sunlight CMS Security Vulnerability
Sunlight CMS is an open-source content management system. A security vulnerability exists in Sunlight CMS version 8.0.1. An attacker can exploit the vulnerability to escalate privileges via a specially crafted SVG file in the File Manager component...
CVE-2023-48202
CVE-2023-48202 affects Sunlight CMS 8.0.1. An authenticated low-privileged user can escalate privileges via a crafted SVG file in the File Manager component, exploiting an XSS flaw. The vulnerability is documented across multiple feeds (NVD, Red Hat, OSV, CNNVD, etc.). Remediation guidance observ...
File Manager < 7.2.2 - Sensitive Information Exposure via Backup Filenames
Description: The plugin is vulnerable to Sensitive Information Exposure due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers to extract sensitive data including site backups in configurations where...
High Severity Arbitrary File Upload Vulnerability Patched in File Manager Pro WordPress Plugin
On December 14th, 2023, shortly after the launch of our Holiday Bug Extravaganza, we received a submission for an Arbitrary File Upload vulnerability in File Manager Pro, a WordPress plugin with an estimated 10,000+ active installations. This vulnerability made it possible for authenticated...
WordPress File Manager Pro Plugin <= 8.3.4 is vulnerable to Arbitrary File Upload
Software: File Manager Pro · Type: Plugin · Vulnerable versions: <= 8.3.4 · Fixed in: 8.3.5 · OWASP Top 10: A1: Injection · Classification: Arbitrary File Upload · CVE: CVE-2023-6846 · Patch priority: High · CVSS severity: High 8.8 · Developer: Claim ownership · PSID: f7afa0b6cb70 · Credits: Tobias Weißhaar kun19 · Required privileg...
File Manager Pro < 8.3.5 - Authenticated (Subscriber+) Arbitrary File Upload
Description: The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mkcheckfilemanagerphpsyntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the...
WordPress File Manager Plugin <= 7.2.1 is vulnerable to Sensitive Data Exposure
Software: File Manager · Type: Plugin · Vulnerable versions: <= 7.2.1 · Fixed in: 7.2.2 · OWASP Top 10: A3: Sensitive Data Exposure · Classification: Sensitive Data Exposure · CVE: CVE-2024-0761 · Patch priority: Low · CVSS severity: Low 8.1 · Developer: Claim ownership · PSID: 8a9bf85057b9 · Credits: Yuki Haruma · Required privileg...
VulnCheck KEV: CVE-2020-35235
vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects...
PT-2024-14334 · actidata · actiNAS SL 2U-8 RDX
Name of the Vulnerable Software and Affected Versions: actidata actiNAS SL 2U-8 RDX version 3.2.03-SP1 Description: A site-wide directory listing issue in the /fm endpoint allows remote attackers to list the files hosted by the web application. This issue enables attackers to gain unauthorized...
CVE-2022-3899
The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged ...