Mndpsingh287 File Manager vulnerabilities

6 known vulnerabilities affecting mndpsingh287/file_manager.

Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2, MEDIUM 2

Vulnerabilities

CVE-2024-37254 | MEDIUM | CVSS 4.3 | ≥ n/a, ≤ 7.2.7 | 2024-11-01
CWE-862: Missing Authorization vulnerability in mndpsingh287 File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects File Manager: from n/a through 7.2.7.
Sources: cvelistv5, nvd

CVE-2018-25105 | CRITICAL | CVSS 9.8 | ≤ 3.0 | 2024-10-16
CWE-862: The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary files that can be used for remote code execution.
Sources: cvelistv5, nvd

CVE-2024-2654 | MEDIUM | CVSS 6.8 | ≤ 7.2.5 | 2024-04-09
CWE-35: The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the server, which can contain sensitive information.
Sources: cvelistv5, nvd

CVE-2024-1538 | HIGH | CVSS 8.8 | ≤ 7.2.4 | 2024-03-21
CWE-352: The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wp_file_manager page that includes files through the 'lang' parameter. This makes it possible for unauthenticated attackers to include local JavaScript files that can b
Sources: cvelistv5, nvd

CVE-2023-6825 | CRITICAL | CVSS 9.9 | PoC | ≤ 7.2.1, ≤ 8.3.4 | 2024-03-13
CWE-23: The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function. This makes it possible for attackers to read the contents of arbitrary files
Sources: cvelistv5, nvd

CVE-2024-0761 | HIGH | CVSS 7.5 | ≤ 7.2.1 | 2024-02-05
CWE-330: The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract sensitive data including site backups in configurations wher
Sources: cvelistv5, nvd