Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Advanced File Manager 5.2.8

  • Severity: medium-risk
  • Status: Fixed
  • Publication: September 25, 2024

Many add-ons for WordPress are at risk of Limited File Upload in different versions. This happens because there aren’t enough safeguards to prevent users with lower levels of access from uploading .css and .js files to any folder they want. This means that someone with at least Subscriber-level access, who has been given permission by an administrator, could upload these types of files to any folder in the main WordPress directory. This could result in Stored Cross-Site Scripting. For this vulnerability to be exploited, the Advanced File Manager Shortcodes plugin must be installed.

Detected in:

Advance File Manager – Ultimate File Manager And Document Library fixed vulnerable versions:
Advanced File Manager fixed vulnerable versions: >= * <= 5.2.8
Advanced File Manager – Ultimate WP File Manager And Document Library Solution fixed vulnerable versions:
Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.