Skip to main content

Advanced File Manager

9 CVEs product

Monthly

CVE-2026-6382 CRITICAL POC PATCH Act Now

The FileOrganizer WordPress plugin before 1.1.9, Advanced File Manager WordPress plugin before 5.4.12, File Manager Pro WordPress plugin before 2.1.1, File Manager WordPress plugin before 8.0.4 do not properly escape a parameter before passing it to a shell command when processing image operations, allowing authenticated users to perform OS Command Injection. This requires the server to have the ImageMagick convert CLI available without either the PHP imagick or GD extensions.

WordPress Command Injection PHP Fileorganizer Advanced File Manager +2
NVD WPScan VulDB
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-13805 MEDIUM PATCH This Month

The Advanced File Manager - Ultimate WordPress File Manager and Document Library Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Advanced File Manager
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2024-13333 HIGH PATCH This Month

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 13.9%.

RCE File Upload WordPress Advanced File Manager
NVD
CVSS 3.1
7.5
EPSS
13.9%
CVE-2024-11391 HIGH PATCH This Week

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'class_fma_connector.php' file in all versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress PHP File Upload Advanced File Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-8725 MEDIUM PATCH This Month

Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress XSS File Upload Advanced File Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-8704 HIGH PATCH This Week

The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the 'fma_locale' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP WordPress RCE Information Disclosure +1
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-8126 HIGH PATCH This Week

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress PHP File Upload Advanced File Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-5598 HIGH PATCH This Week

The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Information Disclosure Advanced File Manager
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-3814 MEDIUM This Month

The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Advanced File Manager
NVD WPScan
CVSS 3.1
4.9
EPSS
0.5%
EPSS 1% CVSS 9.1
CRITICAL POC PATCH Act Now

The FileOrganizer WordPress plugin before 1.1.9, Advanced File Manager WordPress plugin before 5.4.12, File Manager Pro WordPress plugin before 2.1.1, File Manager WordPress plugin before 8.0.4 do not properly escape a parameter before passing it to a shell command when processing image operations, allowing authenticated users to perform OS Command Injection. This requires the server to have the ImageMagick convert CLI available without either the PHP imagick or GD extensions.

WordPress Command Injection PHP +4
NVD WPScan VulDB
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The Advanced File Manager - Ultimate WordPress File Manager and Document Library Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Advanced File Manager
NVD
EPSS 14% CVSS 7.5
HIGH PATCH This Month

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 13.9%.

RCE File Upload WordPress +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'class_fma_connector.php' file in all versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress PHP +2
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress XSS File Upload +1
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the 'fma_locale' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP WordPress +3
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress PHP +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Information Disclosure Advanced File Manager
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Advanced File Manager
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy