PT-2023-12448 · WordPress · Frontend File Manager
Name of the Vulnerable Software and Affected Versions: Frontend File Manager plugin for WordPress versions up to, and including, 18.2 Description: The issue is related to a lack of proper handling of user IDs, making it accessible to visitors. This allows unauthenticated or authenticated attacker...
PT-2023-12476 · WordPress · Frontend File Manager
Name of the Vulnerable Software and Affected Versions: Frontend File Manager plugin for WordPress versions up to, and including, 18.2 Description: The issue is related to Unauthenticated Stored Cross-Site Scripting due to lacking authentication protections and sanitization on the wpfm edit file...
WordPress Plugin Frontend File Manager Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
PT-2023-12479 · WordPress · Frontend File Manager
Name of the Vulnerable Software and Affected Versions: Frontend File Manager plugin for WordPress versions up to, and including, 18.2 Description: The issue is related to lacking capability checks and a security nonce in the wpfm save settings AJAX action. This allows subscriber-level attackers t...
PT-2023-12465
Name of the Vulnerable Software and Affected Versions: Frontend File Manager plugin for WordPress versions up to and including 18.2 Description: The issue is related to a lack of authentication protections, capability checks, and sanitization in the wpfm file meta update AJAX action. This allows...
PT-2023-12460 · WordPress · Frontend File Manager
Name of the Vulnerable Software and Affected Versions: Frontend File Manager plugin for WordPress versions up to and including 18.2 Description: The issue arises from lacking authentication protections, capability checks, and sanitization on the wpfm file meta update AJAX action. This allows...
PT-2023-12459 · WordPress · Frontend File Manager
Name of the Vulnerable Software and Affected Versions: Frontend File Manager plugin for WordPress versions up to, and including, 18.2 Description: The issue is related to Unauthenticated HTML Injection due to lacking authentication protections on the wpfm send file in email AJAX action. This allo...
WordPress Plugin Frontend File Manager Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2023-12480 · WordPress · Frontend File Manager
Name of the Vulnerable Software and Affected Versions: Frontend File Manager plugin for WordPress versions up to, and including, 18.2 Description: The issue arises from lacking authorization protections, checks against users editing others' posts, and a missing security nonce on the "wpfm edit fi...
WordPress WP File Manager 7.1.7 Backup Disclosure
Title: WordPress - wp file manager pro 7.1.7 Backup Disclosure Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla...
File Manager Advanced Shortcode 2.3.2 Remote Code Execution
Exploit Title: File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution RCE Date: 05/31/2023 Exploit Author: Mateus Machado Tesser Vendor Homepage: https://advancedfilemanager.com/ Version: File Manager Advanced Shortcode 2.3.2 Tested on: Wordpress 6.1 / Linux Ubuntu 5.15 CVE...
WordPress plugin Advanced File Manager Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution (RCE)
Exploit Title: File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution RCE Date: 05/31/2023 Exploit Author: Mateus Machado Tesser Vendor Homepage: https://advancedfilemanager.com/ Version: File Manager Advanced Shortcode 2.3.2 Tested on: Wordpress 6.1 / Linux Ubuntu 5.15 CVE...
PT-2023-3996 · Unknown · Cloudpanel
Name of the Vulnerable Software and Affected Versions: CloudPanel versions 2.0.0 through 2.3.0 CloudPanel version 2.3.0 Description: The issue is related to insufficient access control in the File Manager component of CloudPanel, specifically when handling clp-fm cookie files without verifying...
File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode
The plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users. PoC 1. Add the following shortcode to ...
File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode
The plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users. 1. Add the following shortcode to a...
Design/Logic Flaw
eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in file manager allows uploading zip file containing php pages with arbitrary code executions...
kodbox Security Vulnerability
kodbox is a network file manager. A security vulnerability exists in kodbox versions 1.2.x through 1.3.7, which stems from the presence of sensitive information disclosure issues...
CVE-2023-29657
eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in file manager allows uploading zip file containing php pages with arbitrary code executions...
PT-2023-22353 · Extplorer · Extplorer
Name of the Vulnerable Software and Affected Versions: eXtplorer version 2.1.15 Description: The issue allows for insecure permissions, specifically through the file upload feature in the file manager. This vulnerability enables the upload of zip files that contain PHP pages, which can lead to...