Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4861 | 1 Ninjateam | 1 Filester | 2024-02-28 | N/A | 7.2 HIGH |
| The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution. | |||||
| CVE-2023-4827 | 1 Ninjateam | 1 Filester | 2024-02-28 | N/A | 8.8 HIGH |
| The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the `fs_connector` AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell. | |||||
| CVE-2023-4862 | 1 Ninjateam | 1 Filester | 2024-02-28 | N/A | 4.8 MEDIUM |
| The File Manager Pro WordPress plugin before 1.8.1 does not adequately validate and escape some inputs, leading to XSS by high-privilege users. | |||||