Vulnerabilities > Advancedfilemanager

DATE CVE VULNERABILITY TITLE RISK
2024-09-26 CVE-2024-8126 Unrestricted Upload of File with Dangerous Type vulnerability in Advancedfilemanager Advanced File Manager
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.8.
network
low complexity
advancedfilemanager CWE-434
8.8
2024-09-26 CVE-2024-8704 Path Traversal vulnerability in Advancedfilemanager Advanced File Manager
The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the 'fma_locale' parameter.
network
low complexity
advancedfilemanager CWE-22
7.2
2024-09-26 CVE-2024-8725 Unrestricted Upload of File with Dangerous Type vulnerability in Advancedfilemanager Advanced File Manager
Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions.
network
low complexity
advancedfilemanager CWE-434
5.4
2023-09-04 CVE-2023-3814 Incorrect Authorization vulnerability in Advancedfilemanager Advanced File Manager
The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server.
network
low complexity
advancedfilemanager CWE-863
4.9
2023-06-27 CVE-2023-2068 Unspecified vulnerability in Advancedfilemanager File Manager Advanced Shortcode 2.3.2
The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode.
network
low complexity
advancedfilemanager
critical
9.8