Unrated severityNVD Advisory· Published Dec 19, 2024· Updated Apr 8, 2026
File Manager Pro – Filester <= 1.8.6 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation
CVE-2024-12331
Description
The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the Filebird plugin.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <=1.8.6
- ninjateam/File Manager Pro – Filesterv5Range: 0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.