CVE-2018-25105 — CVSS 9.8 (critical): The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in…
CVE-2024-8507 — CVSS 8.8 (high): The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. This is…
CVE-2018-16966 — CVSS 8.8 (high): There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path…
CVE-2024-1538 — CVSS 8.8 (high): The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due…
CVE-2023-6846 — CVSS 8.8 (high): The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the…
CVE-2024-0761 — CVSS 8.1 (high): The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to…
CVE-2020-24312 — CVSS 7.5 (high): mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This…
CVE-2024-8746 — CVSS 7.5 (high): The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation…
CVE-2024-8918 — CVSS 7.4 (high): The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. This…
CVE-2024-2654 — CVSS 6.8 (medium): The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the…
CVE-2018-16967 — CVSS 6.1 (medium): There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path…
CVE-2021-24177 — CVSS 5.4 (medium): In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint…
CVE-2018-16363 — CVSS 5.4 (medium): The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request…