3 matches found
CVE-2024-12331
The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxinstallplugin' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level acce...
CVE-2024-12331 File Manager Pro – Filester <= 1.8.6 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation
The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxinstallplugin' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level acce...
CVE-2024-12331
Vulnerability in File Manager Pro – Filester for WordPress (CVE-2024-12331): a missing capability check in ajax_install_plugin allows authenticated users with Subscriber+ access to install the Filebird plugin, enabling unauthorized data modification. Affected versions: all up to and including 1.8...