Vulnerabilities > Advancedfilemanager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-26 | CVE-2024-8126 | Unrestricted Upload of File with Dangerous Type vulnerability in Advancedfilemanager Advanced File Manager The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.8. | 8.8 |
| 2024-09-26 | CVE-2024-8704 | Path Traversal vulnerability in Advancedfilemanager Advanced File Manager The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the 'fma_locale' parameter. | 7.2 |
| 2024-09-26 | CVE-2024-8725 | Unrestricted Upload of File with Dangerous Type vulnerability in Advancedfilemanager Advanced File Manager Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. | 5.4 |
| 2024-07-10 | CVE-2023-7061 | Unrestricted Upload of File with Dangerous Type vulnerability in Advancedfilemanager File Manager Advanced Shortcode 2.3.2/2.5.3 The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.5.3. | 8.8 |
| 2024-06-29 | CVE-2024-5598 | Unspecified vulnerability in Advancedfilemanager Advanced File Manager The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. | 7.5 |
| 2023-09-04 | CVE-2023-3814 | Incorrect Authorization vulnerability in Advancedfilemanager Advanced File Manager The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server. | 4.9 |
| 2023-06-27 | CVE-2023-2068 | Unspecified vulnerability in Advancedfilemanager File Manager Advanced Shortcode 2.3.2 The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. | 9.8 |