Vulnerabilities > Filemanagerpro > File Manager > 4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2024-0761 | Use of Insufficiently Random Values vulnerability in Filemanagerpro File Manager The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. | 7.5 |
| 2024-02-05 | CVE-2023-6846 | Unrestricted Upload of File with Dangerous Type vulnerability in Filemanagerpro File Manager The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. | 8.8 |
| 2021-04-05 | CVE-2021-24177 | Cross-site Scripting vulnerability in Filemanagerpro File Manager In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. | 5.4 |
| 2020-08-26 | CVE-2020-24312 | Files or Directories Accessible to External Parties vulnerability in Filemanagerpro File Manager mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. | 7.5 |