Vulnerabilities > Filemanagerpro > File Manager > 2.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-16 | CVE-2018-25105 | Missing Authorization vulnerability in Filemanagerpro File Manager The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. | 9.8 |
| 2024-10-16 | CVE-2024-8507 | Cross-Site Request Forgery (CSRF) vulnerability in Filemanagerpro File Manager The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. | 8.8 |
| 2024-10-16 | CVE-2024-8746 | Unrestricted Upload of File with Dangerous Type vulnerability in Filemanagerpro File Manager The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mk_file_folder_manager_shortcode' ajax action in all versions up to, and including, 8.3.9. | 8.8 |
| 2024-10-16 | CVE-2024-8918 | Unrestricted Upload of File with Dangerous Type vulnerability in Filemanagerpro File Manager The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. | 5.4 |
| 2024-02-05 | CVE-2024-0761 | Use of Insufficiently Random Values vulnerability in Filemanagerpro File Manager The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. | 7.5 |
| 2024-02-05 | CVE-2023-6846 | Unrestricted Upload of File with Dangerous Type vulnerability in Filemanagerpro File Manager The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. | 8.8 |
| 2021-04-05 | CVE-2021-24177 | Cross-site Scripting vulnerability in Filemanagerpro File Manager In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. | 5.4 |
| 2020-08-26 | CVE-2020-24312 | Files or Directories Accessible to External Parties vulnerability in Filemanagerpro File Manager mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. | 7.5 |