Filemanagerpro File Manager vulnerabilities

CVE-2018-25105 [CRITICAL] CWE-862 CVE-2018-25105: The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capabi The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary files that can be used for remote code execution.

CVE-2024-8507 [HIGH] CWE-352 CVE-2024-8507: The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all version The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. This is due to missing or incorrect nonce validation on the 'mk_file_folder_manager' ajax action. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a s

CVE-2024-8746 [HIGH] CWE-434 CVE-2024-8746: The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploa The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mk_file_folder_manager_shortcode' ajax action in all versions up to, and including, 8.3.9. This makes it possible for unauthenticated attackers, if granted access to the File Manager by an administrator, to

CVE-2024-8918 [MEDIUM] CWE-434 CVE-2024-8918: The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all ver The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. This is due to a lack of proper checks on allowed file types. This makes it possible for unauthenticated attackers, with permissions granted by an administrator, to upload .css and .js files, which could lead to Stored

CVE-2024-2654 [MEDIUM] CWE-35 CVE-2024-2654: The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, an The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the server, which can contain sensitive information.

CVE-2024-1538 [HIGH] CWE-352 CVE-2024-1538: The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wp_file_manager page that includes files through the 'lang' parameter. This makes it possible for unauthenticated attackers to include local JavaScript files that can b

CVE-2023-6846 [HIGH] CWE-94 CVE-2023-6846: The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server. Version 8.3.5 introduces a capability check that prevents us

CVE-2024-0761 [HIGH] CWE-330 CVE-2024-0761: The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all version The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract sensitive data including site backups in configurations wher

CVE-2021-24177 [MEDIUM] CWE-79 CVE-2021-24177: In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can oc In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response.

CVE-2020-25213 [CRITICAL] CWE-434 CVE-2020-25213: The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content

CVE-2020-24312 [HIGH] CWE-552 CVE-2020-24312: mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups dire mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken.

CVE-2018-16966 [HIGH] CWE-352 CVE-2018-16966: There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.

CVE-2018-16967 [MEDIUM] CWE-79 CVE-2018-16967: There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.

CVE-2018-16363 [MEDIUM] CWE-79 CVE-2018-16363: The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php.