9 matches found
CVE-2023-3814
CVE-2023-3814 affects the WordPress Advanced File Manager plugin prior to 5.1.1. The issue is an access control flaw on multisite setups that allows site administrators to enumerate and read arbitrary files and folders on the server due to inadequate authorization checks. Affected software: Advan...
CVE-2024-11391
CVE-2024-11391 affects the WordPress plugin Advanced File Manager (
CVE-2024-8704
CVE-2024-8704 covers the WordPress plugin “Advanced File Manager” (versions
CVE-2024-5598
CVE-2024-5598 affects the Advanced File Manager WordPress plugin (all versions up to 5.2.4). The root cause is a Sensitive Information Exposure via the fma_local_file_system pathway, enabling unauthenticated attackers to extract backups or other sensitive data if files were moved to Trash. The Wo...
CVE-2025-47688
CVE-2025-47688 concerns the WordPress Advanced File Manager plugin (
CVE-2024-8126
CVE-2024-8126 affects the WordPress plugin Advanced File Manager (versions up to and including 5.2.8). The connected sources confirm an authenticated arbitrary file upload vulnerability via the file class_fma_connector.php that can allow a Subscriber+ attacker (with Administrator-granted permissi...
CVE-2024-8725
CVE-2024-8725 affects the WordPress plugin Advanced File Manager (
CVE-2024-13805
CVE-2024-13805 concerns the Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin for WordPress. It is reported as vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to and including 5.2.14 due to insufficient input sanitization and out...
CVE-2024-13333
CVE-2024-13333 affects the WordPress plugin Advanced File Manager (versions 5.2.12–5.2.13). It enables authenticated users with Subscriber-level access (and any admin-granted upload permission) to upload arbitrary files due to missing file type validation in fma_local_file_system, with exploitati...