WordPress Frontend File Manager Plugin Insecure Direct Object Reference Vulnerability

WordPress Frontend File Manager Plugin is a plugin that allows users to upload, manage and share files through a frontend interface that supports secure storage and permission control. WordPress Frontend File Manager Plugin suffers from an insecure direct object reference vulnerability that stems...

WordPress File Manager Pro plugin <= 8.4.2 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by tiborisaak in WordPress Plugin File Manager Pro versions = 8.4.2...

WordPress File Manager Pro plugin <= 1.8.9 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by tiborisaak in WordPress Plugin File Manager Pro versions = 1.8.9...

WordPress File Manager Plugin <= 8.4.2 is vulnerable to Arbitrary File Deletion

Software File Manager Type Plugin Vulnerable versions = 8.4.2 Fixed in 8.4.3 OWASP Top 10 A3: Injection Classification Arbitrary File Deletion CVE CVE-2025-0818 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 5d1e46fce6a0 Credits tiborisaak Required privilege...

WordPress File Manager Pro – Filester plugin <= 1.8.8 - Authenticated (Administrator+) Arbitrary File Upload vulnerability

Authenticated Administrator+ Arbitrary File Upload vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin File Manager Pro versions = 1.8.8...

WordPress File Manager Plugin < 7.2.2 Information Disclosure Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webdesi9:filemanager"; if description...

WordPress File Manager Plugin < 3.0 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webdesi9:filemanager"; if description...

WordPress File Manager Plugin < 6.5 Information Disclosure Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webdesi9:filemanager"; if description...

WordPress File Manager Plugin < 5.2 Multiple SQLi Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webdesi9:filemanager"; if description...

WordPress File Manager Plugin < 7.1 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webdesi9:filemanager"; if description...

WordPress plugin File Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress File Manager Pro Plugin <= 8.3.9 is vulnerable to Arbitrary File Upload

Software File Manager Pro Type Plugin Vulnerable versions = 8.3.9 Fixed in 8.3.10 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-8918 Patch priority High CVSS severity High 7.4 Developer Claim ownership PSID 8b2de26c1b42 Credits TANG Cheuk Hei siunam Required privile...

WordPress Advanced File Manager plugin <= 5.2.8 - Authenticated (Administrator+) Local JavaScript File Inclusion via fma_locale vulnerability

Authenticated Administrator+ Local JavaScript File Inclusion via fmalocale vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Advanced File Manager versions = 5.2.8...

WordPress File Manager Pro Plugin <= 8.3.7 is vulnerable to Arbitrary File Upload

Software File Manager Pro Type Plugin Vulnerable versions = 8.3.7 Fixed in 8.3.8 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7559 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID fdf245f6ed76 Credits siunam Required privilege Subscriber...

CVE-2024-2654

The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fmdownloadbackup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the...

WordPress File Manager plugin <= 7.2.5 - Authenticated (Administrator+) Directory Traversal vulnerability

Authenticated Administrator+ Directory Traversal vulnerability discovered by DarkT in WordPress Plugin File Manager versions = 7.2.5...

WordPress File Manager Plugin <= 7.2.5 is vulnerable to Path Traversal

Software File Manager Type Plugin Vulnerable versions = 7.2.5 Fixed in 7.2.6 OWASP Top 10 A1: Broken Access Control Classification Path Traversal CVE CVE-2024-2654 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 1c905e547371 Credits DarkT Required privilege Administrator...

CVE-2024-1538

The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wpfilemanager page that includes files through the 'lang' parameter. This makes it possible for unauthenticate...

WordPress File Manager Plugin <= 7.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software File Manager Type Plugin Vulnerable versions = 7.2.4 Fixed in 7.2.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1538 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 8e5b8ea35374 Credits 0xBishop Required...

WordPress File Manager Pro Plugin <= 8.3.4 is vulnerable to Path Traversal

Software File Manager Pro Type Plugin Vulnerable versions = 8.3.4 Fixed in 8.3.5 OWASP Top 10 A4: Insecure Design Classification Path Traversal CVE CVE-2023-6825 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID dab5b86a4777 Credits Tobias Weißhaar kun19 Required privilege...