cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12331,https://securityvulnerability.io/vulnerability/CVE-2024-12331,Unauthorized Data Modification Vulnerability in WordPress File Manager Pro Plugin,"CVE-2024-12331 describes a critical security vulnerability in the File Manager Pro - Filester plugin for WordPress. This flaw arises from a missing capability check in the 'ajax_install_plugin' function in all versions up to and including 1.8.6. As a result, authenticated attackers with Subscriber-level or higher access can exploit this vulnerability to install the Filebird plugin without proper authorization, potentially leading to unauthorized changes and breaches. Website administrators are strongly advised to update their plugin versions to ensure website integrity and security.",Wordpress,File Manager Pro – Filester,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-12-19T11:14:14.862Z,0
CVE-2024-9669,https://securityvulnerability.io/vulnerability/CVE-2024-9669,Vulnerability in File Manager Pro's Filester plugin for WordPress allows arbitrary file inclusion,"The Filester plugin for WordPress, particularly versions up to and including 1.8.5, is susceptible to a Local JavaScript File Inclusion vulnerability. Exploitation of this issue allows authenticated users with Administrator-level access to include and execute arbitrary files on the server. It poses significant risks, enabling the bypassing of access controls, extraction of sensitive data, and execution of malicious PHP code through included files. The vulnerability targets the 'fm_locale' parameter, and while a partial patch was released in version 1.8.5, the potential for exploitation remains a concern.",Wordpress,File Manager Pro – Filester,7.2,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-11-28T08:47:32.349Z,0
CVE-2024-8066,https://securityvulnerability.io/vulnerability/CVE-2024-8066,Arbitrary File Upload Vulnerability in File Manager Pro's Filester Plugin,"The Filester plugin for WordPress contains a vulnerability that allows authenticated attackers to upload arbitrary files due to inadequate validation in the 'fsConnector' function. This flaw affects all versions up to and including 1.8.4. Attackers with Subscriber-level access and higher, as granted permissions by an Administrator, can exploit this vulnerability to upload potentially malicious files, including a new .htaccess file. This could lead to severe implications, such as unauthorized remote code execution on the server hosting the affected WordPress site.",Wordpress,File Manager Pro – Filester,7.5,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-11-28T08:47:31.273Z,0
CVE-2024-7031,https://securityvulnerability.io/vulnerability/CVE-2024-7031,Unauthorized Modification of Data via Missing Capability Check in File Manager Pro,"The File Manager Pro – Filester plugin for WordPress exhibits a vulnerability that enables unauthorized data modification due to the absence of a capability check in the 'njt_fs_saveSettingRestrictions' function. All versions up to and including 1.8.2 are susceptible, allowing attackers with certain authenticated roles to alter plugin settings for user role restrictions. This includes the alarming ability to permit the upload of potentially malicious file types, such as .php, which could lead to further exploitation of the affected WordPress installations.",Wordpress,File Manager Pro – Filester,7.5,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-08-03T08:36:57.626Z,0