3 matches found
CVE-2024-8746
CVE-2024-8746 affects the WordPress plugin File Manager Pro (versions ≤ 8.3.9). The vulnerability stems from missing file type validation in the mk_file_folder_manager_shortcode AJAX action, allowing unauthenticated attackers (if granted admin-approval) to download and upload arbitrary backup fil...
CVE-2024-8746 File Manager Pro <= 8.3.9 - Unauthenticated Backup File Download and Upload
The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mkfilefoldermanagershortcode' ajax action in all versions up to, and including, 8.3.9. This makes it possible for unauthenticated attackers, if grant...
WordPress File Manager Pro Plugin <= 8.3.9 is vulnerable to Broken Access Control
Software File Manager Pro Type Plugin Vulnerable versions = 8.3.9 Fixed in 8.3.10 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8746 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 037debfe30cc Credits TANG Cheuk Hei siunam...