Ninjateam Filester

7 CVEs affecting Ninjateam Filester. Latest disclosed: 2024-12-19. Critical: 0, High: 5.

Top CVEs affecting Ninjateam Filester
CVESeverityScorePublishedSummary
CVE-2023-4827High8.82023-10-16The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the `fs_connector` AJAX action. This allows attackers to make highly…
CVE-2024-8066High7.52024-11-28The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all ver…
CVE-2024-7031High7.52024-08-03The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njt_fs_saveSe…
CVE-2024-9669High7.22024-11-28The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fm_l…
CVE-2023-4861High7.22023-10-16The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to g…
CVE-2023-4862Medium4.82023-10-16The File Manager Pro WordPress plugin before 1.8.1 does not adequately validate and escape some inputs, leading to XSS by high-privilege users.
CVE-2024-12331Medium4.32024-12-19The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_…