Vulnerabilities > Ninjateam > Filester > 1.7.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-19 | CVE-2024-12331 | Missing Authorization vulnerability in Ninjateam Filester The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to, and including, 1.8.6. | 4.3 |
| 2024-11-28 | CVE-2024-8066 | Unspecified vulnerability in Ninjateam Filester The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.6. | 8.8 |
| 2024-11-28 | CVE-2024-9669 | Path Traversal vulnerability in Ninjateam Filester The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fm_locale' parameter. | 7.2 |
| 2024-08-03 | CVE-2024-7031 | Unspecified vulnerability in Ninjateam Filester The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njt_fs_saveSettingRestrictions' function in all versions up to, and including, 1.8.2. | 8.8 |
| 2023-10-16 | CVE-2023-4862 | Unspecified vulnerability in Ninjateam Filester The File Manager Pro WordPress plugin before 1.8.1 does not adequately validate and escape some inputs, leading to XSS by high-privilege users. | 4.8 |
| 2023-10-16 | CVE-2023-4827 | Unspecified vulnerability in Ninjateam Filester The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the `fs_connector` AJAX action. | 8.8 |