3137 matches found

Patchstack
added 2025/01/16 7:31 p.m. · 4 views

WordPress Advanced File Manager plugin 5.2.12-5.2.13 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by TANG Cheuk Hei (siunam) in WordPress Plugin Advanced File Manager versions 5.2.12-5.2.13...

CVSS 7.5 · AI score 7 · EPSS 0.00879
Exploits: 0 · References: 1 · Affected Software: 1

GithubExploit
added 2025/01/09 8:54 a.m. · 321 views

Exploit for CVE-2024-8743

CVE-2024-8743 PoC Background Proof-of-Concept script for...

CVSS 6.8 · AI score 6.5 · EPSS 0.00754
Exploits: 1

GithubExploit
added 2025/01/08 2:32 a.m. · 336 views

Exploit for Code Injection in Bitapps File_Manager

CVE-2024-7627-PoC Background This Proof-of-Concept PoC...

CVSS 8.1 · AI score 8.5 · EPSS 0.02802
Exploits: 3

Patchstack
added 2024/12/19 9:5 p.m. · 4 views

WordPress File Manager Pro – Filester plugin <= 1.8.6 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation vulnerability

Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin File Manager Pro versions <= 1.8.6...

CVSS 4.3 · AI score 7 · EPSS 0.00333
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2024/12/19 12:15 p.m. · 4 views

CVE-2024-12331

The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level acce...

CVSS 4.3 · AI score 7.3
Exploits: 0 · References: 2

NVD
added 2024/12/19 12:15 p.m. · 15 views

CVE-2024-12331

The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level acce...

CVSS 4.3 · EPSS 0.00333
Exploits: 0 · References: 2

CVE
added 2024/12/19 11:14 a.m. · 60 views

CVE-2024-12331

Vulnerability in File Manager Pro – Filester for WordPress (CVE-2024-12331): a missing capability check in ajax_install_plugin allows authenticated users with Subscriber+ access to install the Filebird plugin, enabling unauthorized data modification. Affected versions: all up to and including 1.8...

CVSS 4.3 · AI score 4.3 · EPSS 0.00333
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2024/12/19 11:14 a.m. · 13 views

CVE-2024-12331 File Manager Pro – Filester <= 1.8.6 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation

The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level acce...

CVSS 4.3 · AI score 6.5 · EPSS 0.00333
Exploits: 0 · References: 2

Cvelist
added 2024/12/19 11:14 a.m. · 18 views

CVE-2024-12331 File Manager Pro – Filester <= 1.8.6 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation

The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level acce...

CVSS 4.3 · EPSS 0.00333
Exploits: 0 · References: 2

Positive Technologies
added 2024/12/19 12:0 a.m. · 5 views

PT-2024-17547 · WordPress · File Manager Pro – Filester +1

Name of the Vulnerable Software and Affected Versions: File Manager Pro – Filester plugin for WordPress versions up to, and including, 1.8.6 Description: The issue allows authenticated attackers with Subscriber-level access and above to install the Filebird plugin due to a missing capability chec...

CVSS 4.3 · AI score 9.3 · EPSS 0.00333
Exploits: 0 · References: 7

CNNVD
added 2024/12/15 12:0 a.m. · 4 views

Syncfusion Essential Studio for ASP.NET MVC security vulnerability

Syncfusion Essential Studio for ASP.NET MVC is a set of server-side wrappers powered by Essential JavaScript from Syncfusion. A security vulnerability exists in Syncfusion Essential Studio for ASP.NET MVC prior to version 27.1.55, which stems from a traversal issue with the file manager in...

CVSS 7.5 · AI score 6.6 · EPSS 0.00502
Exploits: 0 · References: 1

Positive Technologies
added 2024/12/15 12:0 a.m. · 7 views

PT-2024-36623 · Syncfusion · Syncfusion Essential Studio

Name of the Vulnerable Software and Affected Versions: Syncfusion Essential Studio for ASP.NET MVC versions prior to 27.1.55 Description: The issue is related to a traversal problem in the File Manager component, which is connected to the request parameter. This could potentially allow unauthoriz...

CVSS 7.5 · AI score 7.2 · EPSS 0.00502
Exploits: 0 · References: 7

OSV
added 2024/12/03 3:15 p.m. · 3 views

CVE-2024-11391

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'classfmaconnector.php' file in all versions up to, and including, 5.2.10. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

CVSS 7.5 · AI score 7.9 · EPSS 0.00681
Exploits: 0 · References: 2

NVD
added 2024/12/03 3:15 p.m. · 23 views

CVE-2024-11391

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'classfmaconnector.php' file in all versions up to, and including, 5.2.10. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

CVSS 7.5 · EPSS 0.00681
Exploits: 0 · References: 2

Vulnrichment
added 2024/12/03 2:34 p.m. · 10 views

CVE-2024-11391 Advanced File Manager <= 5.2.10 - Authenticated (Subscriber+) Arbitrary File Upload

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'classfmaconnector.php' file in all versions up to, and including, 5.2.10. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

CVSS 7.5 · AI score 7.7 · EPSS 0.00681
Exploits: 0 · References: 2

Patchstack
added 2024/12/03 1:26 a.m. · 3 views

WordPress Advanced File Manager plugin <= 5.2.10 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by Joshua Provoste in WordPress Plugin Advanced File Manager versions <= 5.2.10...

CVSS 7.5 · AI score 7 · EPSS 0.00681
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/12/03 12:0 a.m. · 5 views

PT-2024-16954 · WordPress · Advanced File Manager

Name of the Vulnerable Software and Affected Versions: Advanced File Manager plugin for WordPress versions up to and including 5.2.10 Description: The issue arises from missing file type validation via the 'class fma connector.php' file, allowing authenticated attackers with Subscriber-level acce...

CVSS 7.5 · AI score 8.2 · EPSS 0.00681
Exploits: 0 · References: 8

CNNVD
added 2024/12/03 12:0 a.m. · 11 views

WordPress plugin Advanced File Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...

CVSS 7.5 · AI score 8.4 · EPSS 0.00681
Exploits: 0 · References: 2

NVD
added 2024/11/28 9:15 a.m. · 31 views

CVE-2024-9669

The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fmlocale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute...

CVSS 7.2 · EPSS 0.00948
Exploits: 0 · References: 5

NVD
added 2024/11/28 9:15 a.m. · 19 views

CVE-2024-8066

The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted...

CVSS 8.8 · EPSS 0.01114
Exploits: 0 · References: 3