Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webdesi9 file manager vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2024-0761
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attacke...
Webdesi9 File Manager
5.4
CVSSv3
CVE-2021-24177
In the default configuration of the File Manager WordPress plugin prior to 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web app...
Webdesi9 File Manager
9.8
CVSSv3
CVE-2020-25213
The File Manager (wp-file-manager) plugin prior to 6.9 for WordPress allows remote malicious users to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows malicious users to run th...
Webdesi9 File Manager
12 Github repositories
7.5
CVSSv3
CVE-2020-24312
mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the ...
Webdesi9 File Manager
6.1
CVSSv3
CVE-2018-16967
There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.
Webdesi9 File Manager 3.0
8.8
CVSSv3
CVE-2018-16966
There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.
Webdesi9 File Manager 3.0
5.4
CVSSv3
CVE-2018-16363
The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php.
Webdesi9 File Manager 2.9
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started