2 matches found
CVE-2024-8725 Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Limited File Upload
Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. This is due to a lack of proper checks to ensure lower-privileged roles cannot upload .css and .js files to arbitrary directories. This makes it possible for authenticated attackers, with...
WordPress Advanced File Manager Plugin <= 5.2.8 is vulnerable to Arbitrary File Upload
Software Advanced File Manager Type Plugin Vulnerable versions = 5.2.8 Fixed in 5.2.9 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-8725 Patch priority High CVSS severity High 6.8 Developer Claim ownership PSID 8ea10462dd56 Credits TANG Cheuk Hei siunam Required...