CVE-2024-8725

Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. This is due to a lack of proper checks to ensure lower-privileged roles cannot upload .css and .js files to arbitrary directories. This makes it possible for authenticated attackers, with...

CVE-2024-8126

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'classfmaconnector.php' file in all versions up to, and including, 5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an...

CVE-2024-8126

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'classfmaconnector.php' file in all versions up to, and including, 5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an...

CVE-2024-8725 Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Limited File Upload

Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. This is due to a lack of proper checks to ensure lower-privileged roles cannot upload .css and .js files to arbitrary directories. This makes it possible for authenticated attackers, with...

CVE-2024-8725 Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Limited File Upload

Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. This is due to a lack of proper checks to ensure lower-privileged roles cannot upload .css and .js files to arbitrary directories. This makes it possible for authenticated attackers, with...

CVE-2024-8725

CVE-2024-8725 affects the WordPress plugin Advanced File Manager (

CVE-2024-8704

CVE-2024-8704 covers the WordPress plugin “Advanced File Manager” (versions

WordPress Advanced File Manager plugin <= 5.2.8 - Authenticated (Administrator+) Local JavaScript File Inclusion via fma_locale vulnerability

Authenticated Administrator+ Local JavaScript File Inclusion via fmalocale vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Advanced File Manager versions = 5.2.8...

WordPress Advanced File Manager plugin <= 5.2.8 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Advanced File Manager versions = 5.2.8...

WordPress Advanced File Manager plugin <= 5.2.8 - Authenticated (Subscriber+) Limited File Upload vulnerability

Authenticated Subscriber+ Limited File Upload vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Advanced File Manager versions = 5.2.8...

PT-2024-39184 · WordPress · Advanced File Manager

Name of the Vulnerable Software and Affected Versions: Advanced File Manager plugin for WordPress versions up to, and including, 5.2.8 Description: The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion via the fma locale parameter. This allows authenticat...

WordPress plugin Advanced File Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-39204 · WordPress · Wordpress +1

Name of the Vulnerable Software and Affected Versions: WordPress affected versions not specified Description: The issue is due to a lack of proper checks, allowing lower-privileged roles to upload .css and .js files to arbitrary directories. This enables authenticated attackers with...

WordPress Advanced File Manager Plugin <= 5.2.8 is vulnerable to Path Traversal

Software Advanced File Manager Type Plugin Vulnerable versions = 5.2.8 Fixed in 5.2.9 OWASP Top 10 A1: Broken Access Control Classification Path Traversal CVE CVE-2024-8704 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID 6882269240d3 Credits TANG Cheuk Hei siunam Required...

WordPress plugin Advanced File Manager 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

WordPress plugin Advanced File Manager 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

WordPress Advanced File Manager Plugin <= 5.2.8 is vulnerable to Arbitrary File Upload

Software Advanced File Manager Type Plugin Vulnerable versions = 5.2.8 Fixed in 5.2.9 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-8126 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 4f8af42b2013 Credits TANG Cheuk Hei siunam Required...

WordPress Advanced File Manager Plugin <= 5.2.8 is vulnerable to Arbitrary File Upload

Software Advanced File Manager Type Plugin Vulnerable versions = 5.2.8 Fixed in 5.2.9 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-8725 Patch priority High CVSS severity High 6.8 Developer Claim ownership PSID 8ea10462dd56 Credits TANG Cheuk Hei siunam Required...

PT-2024-38815 · WordPress · Advanced File Manager

Name of the Vulnerable Software and Affected Versions: Advanced File Manager plugin for WordPress versions up to, and including, 5.2.8 Description: The issue allows authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload arbitrary...

CVE-2023-26690

File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu...