Ninjateam Filester
7 CVEs affecting Ninjateam Filester. Latest disclosed: 2024-12-19. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-4827 | High | 8.8 | 2023-10-16 | The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the `fs_connector` AJAX action. This allows attackers to make highly… |
CVE-2024-8066 | High | 7.5 | 2024-11-28 | The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all ver… |
CVE-2024-7031 | High | 7.5 | 2024-08-03 | The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njt_fs_saveSe… |
CVE-2024-9669 | High | 7.2 | 2024-11-28 | The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fm_l… |
CVE-2023-4861 | High | 7.2 | 2023-10-16 | The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to g… |
CVE-2023-4862 | Medium | 4.8 | 2023-10-16 | The File Manager Pro WordPress plugin before 1.8.1 does not adequately validate and escape some inputs, leading to XSS by high-privilege users. |
CVE-2024-12331 | Medium | 4.3 | 2024-12-19 | The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_… |