Lucene search
K
FilemanagerproFile Manager

14 matches found

CVE
CVE
added 2020/09/09 12:0 a.m.1364 views

CVE-2020-25213

CVE-2020-25213 affects the WordPress WP-File-Manager plugin (versions 6.0–6.8; remediation to 6.9+). Root cause: renaming an unsafe elFinder connector file to .php allowed unauthenticated remote code execution via the plugin’s file-upload mechanism, enabling commands to write PHP into wp-content/...

10CVSS9.8AI score0.97328EPSS
In wild
CVE
CVE
added 2024/02/05 9:21 p.m.121 views

CVE-2024-0761

CVE-2024-0761 affects the WordPress File Manager plugin. Affected versions include all up to 7.2.1, with a root cause of insufficient randomness in backup filenames (timestamp + 4 random digits). This enables unauthenticated attackers to disclose sensitive data, such as site backups, particularly...

8.1CVSS7.8AI score0.01029EPSS
CVE
CVE
added 2024/04/09 6:59 p.m.110 views

CVE-2024-2654

CVE-2024-2654 refers to the WordPress File Manager plugin, affecting all versions up to 7.2.5. It enables Directory Traversal via fm_download_backup, allowing an authenticated attacker with administrator privileges to read the contents of arbitrary zip files on the server, potentially exposing se...

6.8CVSS8.9AI score0.00911EPSS
CVE
CVE
added 2020/08/26 12:47 p.m.89 views

CVE-2020-24312

Summary: WordPress File Manager (wp-file-manager) plugin versions ≤ 6.4 are vulnerable to a backup disclosure due to failing to restrict access to the fm_backups directory via .htaccess, allowing unauthenticated users to browse/download site backups (potentially full database backups). Root cause...

7.5CVSS7.4AI score0.15906EPSS
CVE
CVE
added 2024/02/05 9:27 p.m.84 views

CVE-2023-6846

The File Manager Pro WordPress plugin (wp-file-manager-pro) is vulnerable to Arbitrary File Upload in versions up to and including 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. Authenticated users with subscriber access can cause server-side code execution. Version 8.3.5 adds a cap...

8.8CVSS8.5AI score0.15871EPSS
CVE
CVE
added 2024/03/21 3:32 a.m.80 views

CVE-2024-1538

CVE-2024-1538 affects the WordPress File Manager plugin up to version 7.2.4. The root cause is missing or incorrect nonce validation on the wp_file_manager page that includes files via the 'lang' parameter, enabling unauthenticated attackers to cause local JavaScript inclusion and potentially ach...

8.8CVSS8.4AI score0.10651EPSS
CVE
CVE
added 2024/10/16 6:43 a.m.69 views

CVE-2018-25105

The CVE concerns the WordPress File Manager plugin (versions up to 3.0). A missing capability check in /inc/root.php enables an authorization bypass, allowing unauthenticated actors to download arbitrary server files and upload arbitrary files that can be used for remote code execution. The root ...

9.8CVSS9.9AI score0.0078EPSS
CVE
CVE
added 2024/10/16 6:43 a.m.63 views

CVE-2024-8918

CVE-2024-8918 affects the File Manager Pro WordPress plugin up to version 8.3.9. Root cause: insufficient checks on allowed file types permit unauthenticated attackers (with admin-granted permissions) to upload .css/.js files, enabling Stored Cross-Site Scripting. Impact: potential data/website s...

7.4CVSS6.1AI score0.00314EPSS
CVE
CVE
added 2021/04/05 6:27 p.m.61 views

CVE-2021-24177

CVE-2021-24177: Reflected XSS in the WordPress File Manager plugin (pre-7.1) on /wp-admin/admin.php?page=wp_file_manager_properties where a payload submitted in the User-Agent header is reflected in the response. Affected product: WordPress File Manager plugin (default configuration). CVSS eviden...

5.4CVSS5.3AI score0.00898EPSS
CVE
CVE
added 2019/04/15 8:37 p.m.60 views

CVE-2018-16966

CVE-2018-16966 concerns the WordPress plugin “mndpsingh287 File Manager” (v3.0) where a CSRF vulnerability exists via the page=wp_file_manager_root public_path parameter. The issue allows an attacker to trigger actions on behalf of a logged-in user (requires user interaction per CVSS3) without au...

8.8CVSS8.6AI score0.00919EPSS
CVE
CVE
added 2024/10/16 6:43 a.m.57 views

CVE-2024-8507

The CVE-2024-8507 entry concerns the WordPress plugin File Manager Pro (

8.8CVSS8.5AI score0.00229EPSS
CVE
CVE
added 2024/10/16 6:43 a.m.57 views

CVE-2024-8746

CVE-2024-8746 affects the WordPress plugin File Manager Pro (versions ≤ 8.3.9). The vulnerability stems from missing file type validation in the mk_file_folder_manager_shortcode AJAX action, allowing unauthenticated attackers (if granted admin-approval) to download and upload arbitrary backup fil...

8.8CVSS8.6AI score0.00594EPSS
CVE
CVE
added 2019/04/15 8:39 p.m.53 views

CVE-2018-16967

CVE-2018-16967 concerns a reflected XSS in the mndpsingh287 File Manager plugin for WordPress (v3.0) exploitable via the public_path parameter on the wp_file_manager_root page. Multiple sources reiterate that an attacker can inject arbitrary JavaScript through this parameter, potentially affectin...

6.1CVSS6.2AI score0.01365EPSS
CVE
CVE
added 2018/09/07 10:0 p.m.45 views

CVE-2018-16363

CVE-2018-16363 affects the WordPress plugin mndpsingh287 File Manager (v2.9) and is triggered via the lang parameter in the admin interface (wp-admin/admin.php?page=wp_file_manager). The root cause is the use of set_transient in file_folder_manager.php and an echo of the lang value in lib/wpfilem...

5.4CVSS5.2AI score0.01383EPSS