Vulnerabilities > Filemanagerpro
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-16 | CVE-2018-25105 | Missing Authorization vulnerability in Filemanagerpro File Manager The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. | 9.8 |
| 2024-10-16 | CVE-2024-8507 | Cross-Site Request Forgery (CSRF) vulnerability in Filemanagerpro File Manager The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. | 8.8 |
| 2024-10-16 | CVE-2024-8746 | Unrestricted Upload of File with Dangerous Type vulnerability in Filemanagerpro File Manager The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mk_file_folder_manager_shortcode' ajax action in all versions up to, and including, 8.3.9. | 8.8 |
| 2024-10-16 | CVE-2024-8918 | Unrestricted Upload of File with Dangerous Type vulnerability in Filemanagerpro File Manager The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. | 5.4 |
| 2024-02-05 | CVE-2023-6846 | Unrestricted Upload of File with Dangerous Type vulnerability in Filemanagerpro File Manager The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. | 8.8 |
| 2019-04-15 | CVE-2018-16967 | Cross-site Scripting vulnerability in Filemanagerpro File Manager 3.0 There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter. | 6.1 |
| 2019-04-15 | CVE-2018-16966 | Cross-Site Request Forgery (CSRF) vulnerability in Filemanagerpro File Manager 3.0 There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter. | 8.8 |
| 2018-09-07 | CVE-2018-16363 | Cross-site Scripting vulnerability in Filemanagerpro File Manager 2.9 The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php. | 5.4 |