The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk_file_folder_manager AJAX action in all versions up to, and including, 8.3.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Metrics
Affected Vendors & Products
References
History
Fri, 23 Aug 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Filemanagerpro
Filemanagerpro file Manager Pro |
|
CPEs | cpe:2.3:a:filemanagerpro:file_manager_pro:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Filemanagerpro
Filemanagerpro file Manager Pro |
|
Metrics |
ssvc
|
Fri, 23 Aug 2024 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk_file_folder_manager AJAX action in all versions up to, and including, 8.3.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |
Title | File Manager Pro <= 8.3.7 - Authenticated (Subscriber+) Arbitrary File Upload | |
Weaknesses | CWE-94 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-08-23T02:31:46.637Z
Updated: 2024-08-23T14:09:01.521Z
Reserved: 2024-08-06T14:09:23.803Z
Link: CVE-2024-7559
Vulnrichment
Updated: 2024-08-23T14:08:53.139Z
NVD
Status : Awaiting Analysis
Published: 2024-08-23T03:15:04.060
Modified: 2024-08-23T16:18:28.547
Link: CVE-2024-7559
Redhat
No data.