Vulnerabilities > Filemanagerpro > File Manager > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-16 | CVE-2024-8507 | Cross-Site Request Forgery (CSRF) vulnerability in Filemanagerpro File Manager The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. | 8.8 |
| 2024-10-16 | CVE-2024-8746 | Unrestricted Upload of File with Dangerous Type vulnerability in Filemanagerpro File Manager The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mk_file_folder_manager_shortcode' ajax action in all versions up to, and including, 8.3.9. | 8.8 |
| 2024-02-05 | CVE-2023-6846 | Unrestricted Upload of File with Dangerous Type vulnerability in Filemanagerpro File Manager The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. | 8.8 |
| 2019-04-15 | CVE-2018-16966 | Cross-Site Request Forgery (CSRF) vulnerability in Filemanagerpro File Manager 3.0 There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter. | 8.8 |