5 matches found
CVE-2024-13333
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fmalocalfilesystem' function in versions 5.2.12 to 5.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above and upload...
CVE-2024-13333
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fmalocalfilesystem' function in versions 5.2.12 to 5.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above and upload...
CVE-2024-13333
creationtimestamp| type| source ---|---|--- 2025-01-17 05:36:09+00:00| seen| https://infosec.exchange/users/cve/statuses/113842072385666285 2025-01-17 05:56:42+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/2098 2025-01-17 06:15:33+00:00| seen|...
CVE-2024-13333
CVE-2024-13333 affects the WordPress plugin Advanced File Manager (versions 5.2.12–5.2.13). It enables authenticated users with Subscriber-level access (and any admin-granted upload permission) to upload arbitrary files due to missing file type validation in fma_local_file_system, with exploitati...
CVE-2024-13333 Advanced File Manager 5.2.12 - 5.2.13 - Authenticated (Subscriber+) Arbitrary File Upload
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fmalocalfilesystem' function in versions 5.2.12 to 5.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above and upload...