The File Manager Pro WordPress plugin prior to 1.8 does not properly check the CSRF nonce in the `fs_connector` AJAX action. This allows malicious users to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell.
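A triage check for the request pattern described above, as an added example that is not part of the original advisory or the plugin's code: it scans web server access logs for GET requests to the `fs_connector` AJAX action whose Referer is missing or points at another origin. The Combined Log Format, the `/wp-admin/admin-ajax.php` path, the function name and the sample hosts are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed format: Combined Log Format
# ip ident user [time] "METHOD target PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)


def suspicious_fs_connector_gets(lines, site_host):
    """Return (timestamp, ip, status, reason) for GET calls to the fs_connector
    AJAX action whose Referer is absent or belongs to another host."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["method"] != "GET":
            continue  # the advisory describes CSRF delivered via GET
        target = urlsplit(m["target"])
        if not target.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        if "fs_connector" not in parse_qs(target.query).get("action", []):
            continue
        # hostname is None for "-", an empty value or an unparsable Referer
        ref_host = urlsplit(m["referer"]).hostname
        if ref_host is None:
            reason = "no referer"  # may also be a strict referrer policy
        elif ref_host.lower() != site_host.lower():
            reason = "cross-site referer: " + ref_host
        else:
            continue  # same-origin request, e.g. the plugin's own admin page
        findings.append((m["ts"], m["ip"], int(m["status"]), reason))
    return findings


# Constructed sample log lines (documentation hosts and addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jan/2024:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=fs_connector HTTP/1.1" 200 512 "https://blog.example/wp-admin/admin.php" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2024:10:02:13 +0000] "GET /wp-admin/admin-ajax.php?action=fs_connector HTTP/1.1" 200 734 "https://other.example/page.html" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2024:10:02:40 +0000] "POST /wp-admin/admin-ajax.php?action=fs_connector HTTP/1.1" 200 90 "https://other.example/page.html" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Jan/2024:10:05:00 +0000] "GET /wp-admin/admin-ajax.php?action=fs_connector HTTP/1.1" 200 301 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Jan/2024:10:06:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 20 "https://other.example/" "Mozilla/5.0"',
]
```

A hit is a lead for review rather than proof of compromise, since browsers can omit the Referer header for benign reasons.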
Vulnerable Product |
---|
ninjateam filester |