Vulnerabilities (CVE)

Filtered by vendor Ninjateam Subscribe
Filtered by product Filester
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-4862 1 Ninjateam 1 Filester 2024-11-21 N/A 4.8 MEDIUM
The File Manager Pro WordPress plugin before 1.8.1 does not adequately validate and escape some inputs, leading to XSS by high-privilege users.
CVE-2023-4861 1 Ninjateam 1 Filester 2024-11-21 N/A 7.2 HIGH
The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution.
CVE-2023-4827 1 Ninjateam 1 Filester 2024-11-21 N/A 8.8 HIGH
The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the `fs_connector` AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell.