Lucene search

FilemanagerproFile Manager*

10 matches found

CVE
added 2024/02/05 10:16 p.m., 70 views

CVE-2024-0761

The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers to extract sens...

CVSS 8.1, AI score 7.8, EPSS 0.00437

CVE
added 2024/04/09 7:15 p.m., 67 views

CVE-2024-2654

The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the ser...

CVSS 6.8, AI score 8.9, EPSS 0.01377

CVE
added 2020/08/26 1:15 p.m., 63 views

CVE-2020-24312

mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken.

CVSS 7.5, AI score 7.4, EPSS 0.50934

CVE
added 2024/02/05 10:15 p.m., 59 views

CVE-2023-6846

The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server. Ve...

CVSS 8.8, AI score 8.5, EPSS 0.12717

CVE
added 2024/03/21 4:15 a.m., 57 views

CVE-2024-1538

The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wp_file_manager page that includes files through the 'lang' parameter. This makes it possible for unauthenticate...

CVSS 8.8, AI score 8.4, EPSS 0.03358

CVE
added 2024/10/16 7:15 a.m., 46 views

CVE-2018-25105

The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary files ...

CVSS 9.8, AI score 9.9, EPSS 0.02723

CVE
added 2021/04/05 7:15 p.m., 41 views

CVE-2021-24177

In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response.

CVSS 5.4, AI score 5.3, EPSS 0.00244

CVE
added 2024/10/16 7:15 a.m., 39 views

CVE-2024-8918

The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. This is due to a lack of proper checks on allowed file types. This makes it possible for unauthenticated attackers, with permissions granted by an administrator, to...

CVSS 7.4, AI score 6.1, EPSS 0.00242

CVE
added 2024/10/16 7:15 a.m., 36 views

CVE-2024-8746

The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mk_file_folder_manager_shortcode' ajax action in all versions up to, and including, 8.3.9. This makes it possible for unauthenticated attackers, if gra...

CVSS 8.8, AI score 8.6, EPSS 0.00727

CVE
added 2024/10/16 7:15 a.m., 34 views

CVE-2024-8507

The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. This is due to missing or incorrect nonce validation on the 'mk_file_folder_manager' ajax action. This makes it possible for unauthenticated attackers to upload arbitra...

CVSS 8.8, AI score 8.5, EPSS 0.00054