The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media paramete
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'class_fma_connector.php' file in all versions up to, and including,
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.8. This makes it possible for au
The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due to missing authorization and capabilit
The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all versions up to, and including, 3.29 via the mla-stream-image.php file. This makes it possible for unauthen
The File Manager Advanced Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.4 (file-manager-advanced-shortcode) and 2.5.6 (advanced-file-ma
The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the 'fma_locale' parameter. This makes it possible for a
The Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, an
The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers with c
The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as a
The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible f
WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the
The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded fi
The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce v
The WP Table Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on thewptm_getFolders AJAX action in all versions up to, and including, 4.1.3. This mak
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability check combined wi
The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. This makes it possible for attackers with contributor access o
Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. This is due to a lack of proper checks to ensure lower-privileged roles cannot upload .css and .
The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm_send_file_in_email' AJAX action in all versions up to, and incl
The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by
Page 1+ Next →