
CVE-2025-47688 – WordPress Advanced File Manager plugin <= 5.3.1 - Broken Access Control to Notice Dismissal vulnerability
https://notcve.org/view.php?id=CVE-2025-47688
07 May 2025 — Missing Authorization vulnerability in Saad Iqbal Advanced File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced File Manager: from n/a through 5.3.1. The Advanced File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in versions up to, and including, 5.3.1. This makes it possible for unauthenticated attackers to dismiss admin notices. • https://patchstack.com/database/wordpress/plugin/file-manager-advanced/vulnerability/wordpress-advanced-file-manager-plugin-5-3-1-broken-access-control-to-notice-dismissal-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVE-2023-7061 – Advanced File Manager Shortcode <= 2.5.3 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-7061
08 Jul 2024 — The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers with contributor access or above to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2023-7062 – Advanced File Manager Shortcodes <= 2.4 - Authenticated (Contributor+) Directory Traversal
https://notcve.org/view.php?id=CVE-2023-7062
08 Jul 2024 — The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. This makes it possible for attackers with contributor access or higher to read the contents of arbitrary files on the server, which can contain sensitive information. • https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory