Advanced File Manager
by WordPress
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-5598 | Hig | 0.42 | 7.5 | 0.01 | Jun 29, 2024 | The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups… | ||
| CVE-2024-13333 | 0.00 | — | 0.01 | Jan 17, 2025 | The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and… | |||
| CVE-2024-11391 | 0.00 | — | 0.01 | Dec 3, 2024 | The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.10. This makes it possible for authenticated attackers, with… | |||
| CVE-2024-8126 | 0.00 | — | 0.01 | Sep 26, 2024 | The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted… | |||
| CVE-2024-8704 | 0.00 | — | 0.01 | Sep 26, 2024 | The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the 'fma_locale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include… | |||
| CVE-2023-3814 | 0.00 | — | 0.01 | Sep 4, 2023 | The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server. |
- risk 0.42cvss 7.5epss 0.01
The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups…
- CVE-2024-13333Jan 17, 2025risk 0.00cvss —epss 0.01
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and…
- CVE-2024-11391Dec 3, 2024risk 0.00cvss —epss 0.01
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.10. This makes it possible for authenticated attackers, with…
- CVE-2024-8126Sep 26, 2024risk 0.00cvss —epss 0.01
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted…
- CVE-2024-8704Sep 26, 2024risk 0.00cvss —epss 0.01
The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the 'fma_locale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include…
- CVE-2023-3814Sep 4, 2023risk 0.00cvss —epss 0.01
The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server.