Lucene search
K
AdvancedfilemanagerAdvanced File Manager

9 matches found

CVE
CVE
added 2023/09/04 11:27 a.m.75 views

CVE-2023-3814

CVE-2023-3814 affects the WordPress Advanced File Manager plugin prior to 5.1.1. The issue is an access control flaw on multisite setups that allows site administrators to enumerate and read arbitrary files and folders on the server due to inadequate authorization checks. Affected software: Advan...

4.9CVSS5.4AI score0.00505EPSS
CVE
CVE
added 2024/12/03 2:34 p.m.75 views

CVE-2024-11391

CVE-2024-11391 affects the WordPress plugin Advanced File Manager (

7.5CVSS7.8AI score0.00681EPSS
CVE
CVE
added 2024/09/26 10:59 a.m.71 views

CVE-2024-8704

CVE-2024-8704 covers the WordPress plugin “Advanced File Manager” (versions

7.2CVSS7.5AI score0.00879EPSS
CVE
CVE
added 2024/06/29 4:33 a.m.69 views

CVE-2024-5598

CVE-2024-5598 affects the Advanced File Manager WordPress plugin (all versions up to 5.2.4). The root cause is a Sensitive Information Exposure via the fma_local_file_system pathway, enabling unauthenticated attackers to extract backups or other sensitive data if files were moved to Trash. The Wo...

7.5CVSS7.6AI score0.00561EPSS
CVE
CVE
added 2025/05/07 2:20 p.m.68 views

CVE-2025-47688

CVE-2025-47688 concerns the WordPress Advanced File Manager plugin (

9.8CVSS7.2AI score0.00326EPSS
CVE
CVE
added 2024/09/26 10:59 a.m.64 views

CVE-2024-8126

CVE-2024-8126 affects the WordPress plugin Advanced File Manager (versions up to and including 5.2.8). The connected sources confirm an authenticated arbitrary file upload vulnerability via the file class_fma_connector.php that can allow a Subscriber+ attacker (with Administrator-granted permissi...

8.8CVSS8.4AI score0.00946EPSS
CVE
CVE
added 2024/09/26 10:59 a.m.61 views

CVE-2024-8725

CVE-2024-8725 affects the WordPress plugin Advanced File Manager (

6.8CVSS6AI score0.00357EPSS
CVE
CVE
added 2025/03/07 9:21 a.m.52 views

CVE-2024-13805

CVE-2024-13805 concerns the Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin for WordPress. It is reported as vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to and including 5.2.14 due to insufficient input sanitization and out...

6.4CVSS5.9AI score0.00253EPSS
CVE
CVE
added 2025/01/17 5:29 a.m.50 views

CVE-2024-13333

CVE-2024-13333 affects the WordPress plugin Advanced File Manager (versions 5.2.12–5.2.13). It enables authenticated users with Subscriber-level access (and any admin-granted upload permission) to upload arbitrary files due to missing file type validation in fma_local_file_system, with exploitati...

7.5CVSS7.8AI score0.00879EPSS