Vulnerabilities

CVE-2024-12331

by Fred · 19/12/2024

The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘ajax_install_plugin’ function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the Filebird plugin.

More information : https://plugins.trac.wordpress.org/changeset/3208858/filester

Attack vector : NETWORK
Attack complexity : LOW
Privileges required : LOW
User interaction : NONE
Confidentiality impact : NONE
Integrity impact : LOW
Base score : 4.3
Base severity : MEDIUM
Exploitability score : 2.8
Impact score : 1.4

Similar

Tags: Cybersecurity Alert