Advanced File Manager@* Security Vulnerabilities and Issues — Advanced File Manager@* CVE List

Lucene search

AdvancedfilemanagerAdvanced File Manager*

9 matches found

CVE•added 2024/12/03 3:15 p.m.•55 views

CVE-2024-11391

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.10. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

7.5CVSS7.8AI score0.01298EPSS

CVE•added 2023/09/04 12:15 p.m.•52 views

CVE-2023-3814

The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server.

4.9CVSS5.4AI score0.00157EPSS

CVE•added 2024/06/29 5:15 a.m.•49 views

CVE-2024-5598

The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive in...

7.5CVSS7.6AI score0.00467EPSS

CVE•added 2024/09/26 11:15 a.m.•45 views

CVE-2024-8704

The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the 'fma_locale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary...

7.2CVSS7.5AI score0.0222EPSS

CVE•added 2024/09/26 11:15 a.m.•43 views

CVE-2024-8725

Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. This is due to a lack of proper checks to ensure lower-privileged roles cannot upload .css and .js files to arbitrary directories. This makes it possible for authenticated attackers, with Subscri...

6.8CVSS6AI score0.00111EPSS

CVE•added 2025/05/07 3:16 p.m.•43 views

CVE-2025-47688

Missing Authorization vulnerability in Saad Iqbal Advanced File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced File Manager: from n/a through 5.3.1.

9.8CVSS5.3AI score0.00046EPSS

CVE•added 2024/09/26 11:15 a.m.•41 views

CVE-2024-8126

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Admini...

8.8CVSS8.4AI score0.03608EPSS

CVE•added 2025/01/17 6:15 a.m.•39 views

CVE-2024-13333

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above and upload perm...

7.5CVSS7.8AI score0.00981EPSS

CVE•added 2025/03/07 10:15 a.m.•37 views

CVE-2024-13805

The Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.2.14 due to insufficient input sanitization and output escaping. This makes it possi...

6.4CVSS5.9AI score0.00043EPSS