VYPR

File Manager

by WordPress

CVEs (12)

  • CVE-2024-1538 | High | Mar 21, 2024
    risk 0.51 | cvss 8.8 | epss 0.11

    The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wp_file_manager page that includes files through the 'lang' parameter. This makes it…

  • CVE-2024-0761 | High | Feb 5, 2024
    risk 0.46 | cvss 8.1 | epss 0.01

    The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated…

  • CVE-2018-7204 | High | Mar 7, 2018
    risk 0.42 | cvss 7.5 | epss 0.03

    inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to log.txt, which is not…

  • CVE-2022-47599 | Medium | Dec 20, 2023
    risk 0.36 | cvss 5.5 | epss 0.01

    Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager. This issue affects File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File…

  • CVE-2018-16363 | Medium | Sep 7, 2018
    risk 0.28 | cvss 5.4 | epss 0.01

    The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php.

  • CVE-2019-6447 | Jan 16, 2019
    risk 0.09 | cvss | epss 0.62

    The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once,…

  • CVE-2018-25105 | Oct 16, 2024
    risk 0.00 | cvss | epss 0.01

    The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and…

  • CVE-2023-5907 | Dec 11, 2023
    risk 0.00 | cvss | epss 0.01

    The File Manager WordPress plugin before 6.3 does not restrict the file manager's root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators…

  • CVE-2021-24177 | Apr 5, 2021
    risk 0.00 | cvss | epss 0.01

    In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web…

  • CVE-2021-20651 | Feb 12, 2021
    risk 0.00 | cvss | epss 0.02

    Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overwrite an existing file in a directory which can be accessed with the application privileges via unspecified vectors.

  • CVE-2020-35173 | Dec 30, 2020
    risk 0.00 | cvss | epss 0.02

    The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for controlling the FTP server (aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and services.ftpservice.FTPReceiver.ACTION_STOP_FTPSERVER).

  • CVE-2018-16967 | Apr 15, 2019
    risk 0.00 | cvss | epss 0.01

    There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.