Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ninjateam filester vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2023-4861
The File Manager Pro WordPress plugin prior to 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution.
Ninjateam Filester
4.8
CVSSv3
CVE-2023-4862
The File Manager Pro WordPress plugin prior to 1.8.1 does not adequately validate and escape some inputs, leading to XSS by high-privilege users.
Ninjateam Filester
8.8
CVSSv3
CVE-2023-4827
The File Manager Pro WordPress plugin prior to 1.8 does not properly check the CSRF nonce in the `fs_connector` AJAX action. This allows malicious users to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading ...
Ninjateam Filester
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started