Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total8
Critical0
High5
Medium3
Reset
Showing 1-8 of 8 records
Threat Entry Updated 2025-08-13

CVE-2025-0818 - Filester Plugin

Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an instance of the file manager available to users.

PLUGIN Filester

CVE-2025-0818

MEDIUM CVSS 6.5 2025-08-13
Open Full Technical Breakdown
Threat Entry Updated 2025-06-16

CVE-2025-3234 - Filester Plugin

The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.8.8. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Administrators have the ability to extend file manager usage privileges to lower-level users including subscribers, which would make this vulnerability more severe on such sites.

PLUGIN Filester

CVE-2025-3234

HIGH CVSS 7.2 2025-06-14
Open Full Technical Breakdown
Threat Entry Updated 2025-03-05

CVE-2024-12331 - Filester Plugin

The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the Filebird plugin.

PLUGIN Filester

CVE-2024-12331

MEDIUM CVSS 4.3 2024-12-19
Open Full Technical Breakdown
Threat Entry Updated 2025-02-26

CVE-2024-8066 - Filester Plugin

The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload a new .htaccess file allowing them to subsequently upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN Filester

CVE-2024-8066

HIGH CVSS 7.5 2024-11-28
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2024-9669 - Filester Plugin

The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fm_locale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. The vulnerability was…

PLUGIN Filester

CVE-2024-9669

HIGH CVSS 7.2 2024-11-28
Open Full Technical Breakdown
Threat Entry Updated 2025-04-10

CVE-2024-7031 - Filester Plugin

The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njt_fs_saveSettingRestrictions' function in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with a role that has been granted permissions by an Administrator, to update the plugin settings for user role restrictions, including allowing file types such as .php to be uploaded.

PLUGIN Filester

CVE-2024-7031

HIGH CVSS 7.5 2024-08-03
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-4862 - Filester Plugin

The File Manager Pro WordPress plugin before 1.8.1 does not adequately validate and escape some inputs, leading to XSS by high-privilege users.

PLUGIN Filester

CVE-2023-4862

MEDIUM CVSS 4.8 2023-10-16
Open Full Technical Breakdown
Threat Entry Updated 2025-04-23

CVE-2023-4827 - Filester Plugin

The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the `fs_connector` AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell.

PLUGIN Filester

CVE-2023-4827

HIGH CVSS 8.8 2023-10-16
Open Full Technical Breakdown
Scroll to top