Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2024/08/23 2:31 a.m.13 views

CVE-2024-7559 File Manager Pro <= 8.3.7 - Authenticated (Subscriber+) Arbitrary File Upload

The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mkfilefoldermanager AJAX action in all versions up to, and including, 8.3.7. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS7.7AI score0.00851EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/23 2:31 a.m.27 views

CVE-2024-7559 File Manager Pro <= 8.3.7 - Authenticated (Subscriber+) Arbitrary File Upload

The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mkfilefoldermanager AJAX action in all versions up to, and including, 8.3.7. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS0.00851EPSS
Exploits0References2
CVE
CVE
added 2024/08/23 2:31 a.m.74 views

CVE-2024-7559

CVE-2024-7559 – File Manager Pro (WordPress) Arbitrary File Upload . The vulnerability arises from missing file type validation and missing capability checks in the mk_file_folder_manager AJAX action across versions up to and including 8.3.7. An authenticated attacker with Subscriber-level access...

8.8CVSS8.9AI score0.00851EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/08/23 12:0 a.m.7 views

WordPress File Manager Pro Plugin <= 8.3.7 is vulnerable to Arbitrary File Upload

Software File Manager Pro Type Plugin Vulnerable versions = 8.3.7 Fixed in 8.3.8 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7559 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID fdf245f6ed76 Credits siunam Required privilege Subscriber...

8.8CVSS6.8AI score0.00851EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder