Lucene search
K
FilemanagerproFile Manager*

7 matches found

CVE
CVE
added 2020/09/09 12:0 a.m.1405 views

CVE-2020-25213

CVE-2020-25213 affects the WordPress WP-File-Manager plugin (versions 6.0–6.8; remediation to 6.9+). Root cause: renaming an unsafe elFinder connector file to .php allowed unauthenticated remote code execution via the plugin’s file-upload mechanism, enabling commands to write PHP into wp-content/...

10CVSS9.8AI score0.97328EPSS
In wildWeb
CVE
CVE
added 2024/04/09 6:59 p.m.117 views

CVE-2024-2654

CVE-2024-2654 refers to the WordPress File Manager plugin, affecting all versions up to 7.2.5. It enables Directory Traversal via fm_download_backup, allowing an authenticated attacker with administrator privileges to read the contents of arbitrary zip files on the server, potentially exposing se...

6.8CVSS8.9AI score0.00911EPSS
CVE
CVE
added 2024/03/21 3:32 a.m.83 views

CVE-2024-1538

CVE-2024-1538 affects the WordPress File Manager plugin up to version 7.2.4. The root cause is missing or incorrect nonce validation on the wp_file_manager page that includes files via the 'lang' parameter, enabling unauthenticated attackers to cause local JavaScript inclusion and potentially ach...

8.8CVSS8.4AI score0.10651EPSS
CVE
CVE
added 2024/10/16 6:43 a.m.64 views

CVE-2024-8918

CVE-2024-8918 affects the File Manager Pro WordPress plugin up to version 8.3.9. Root cause: insufficient checks on allowed file types permit unauthenticated attackers (with admin-granted permissions) to upload .css/.js files, enabling Stored Cross-Site Scripting. Impact: potential data/website s...

7.4CVSS6.1AI score0.00314EPSS
CVE
CVE
added 2021/04/05 6:27 p.m.62 views

CVE-2021-24177

CVE-2021-24177: Reflected XSS in the WordPress File Manager plugin (pre-7.1) on /wp-admin/admin.php?page=wp_file_manager_properties where a payload submitted in the User-Agent header is reflected in the response. Affected product: WordPress File Manager plugin (default configuration). CVSS eviden...

5.4CVSS5.3AI score0.00898EPSS
Web
CVE
CVE
added 2024/10/16 6:43 a.m.61 views

CVE-2024-8746

CVE-2024-8746 affects the WordPress plugin File Manager Pro (versions ≤ 8.3.9). The vulnerability stems from missing file type validation in the mk_file_folder_manager_shortcode AJAX action, allowing unauthenticated attackers (if granted admin-approval) to download and upload arbitrary backup fil...

8.8CVSS8.6AI score0.00594EPSS
CVE
CVE
added 2024/10/16 6:43 a.m.59 views

CVE-2024-8507

The CVE-2024-8507 entry concerns the WordPress plugin File Manager Pro (

8.8CVSS8.5AI score0.00229EPSS