Vendor
Advancedfilemanager
Products
2
CVEs
3
Across products
3
Status
Private
Products
2- 2 CVEs
- 1 CVE
Recent CVEs
3| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-7061 | Hig | 0.58 | 8.8 | 0.16 | Jul 10, 2024 | The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers with contributor access or above to upload arbitrary files on the affected site's server which may make remote code execution possible. | |
| CVE-2024-5598 | Hig | 0.49 | 7.5 | 0.01 | Jun 29, 2024 | The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive information if the files have been moved to the built-in Trash folder. | |
| CVE-2025-47688 | Med | 0.34 | 5.3 | 0.00 | May 7, 2025 | Missing Authorization vulnerability in Saad Iqbal Advanced File Manager file-manager-advanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced File Manager: from n/a through <= 5.3.1. |