File Manager <= 4.8 – Multiple Vulnerabilities

July 10, 2019
These vulnerabilities exist because the plugin does not properly check the user's authentication in its wp_ajax_* action calls. This results in SQL injection and in backup download, backup deletion and backup restoration through the plugin's backup feature. Authentication is required, but the account can be of any user role.

Edit (WPScanTeam): Original advisory reported fixed in 4.9; however, 4.9 was missing CSRF checks, which have been added in 5.1.
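The handler pattern behind this class of bug, shown next to a hardened form, as an added example that is not the File Manager plugin's code. The `myplugin_*` action names, the `myplugin_backups` table, the `nonce` field name and the choice of `manage_options` as the required capability are assumptions for illustration; the fragment is meant to live in a plugin file loaded by WordPress.

```php
<?php
// Added illustration. "myplugin_*" names and the backups table are hypothetical,
// not the File Manager plugin's real identifiers.

// BEFORE: a wp_ajax_* hook only guarantees the caller is logged in (any role).
add_action( 'wp_ajax_myplugin_delete_backup_weak', function () {
    global $wpdb;
    $id = $_POST['id']; // request-controlled value, concatenated into SQL below
    $wpdb->query( "DELETE FROM {$wpdb->prefix}myplugin_backups WHERE id = $id" );
    wp_send_json_success();
} );

// AFTER: nonce (CSRF), capability (authorization), typed input, bound SQL.
add_action( 'wp_ajax_myplugin_delete_backup', function () {
    global $wpdb;

    // 1. CSRF: the nonce must have been issued for this action to this user.
    if ( ! check_ajax_referer( 'myplugin_delete_backup', 'nonce', false ) ) {
        wp_send_json_error( 'bad nonce', 403 ); // sends the response and exits
    }
    // 2. Authorization: limit backup operations to administrators (assumed policy).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // 3. Input: force the id to a non-negative integer and reject zero.
    $id = isset( $_POST['id'] ) ? absint( wp_unslash( $_POST['id'] ) ) : 0;
    if ( 0 === $id ) {
        wp_send_json_error( 'invalid id', 400 );
    }
    // 4. SQL: bind the value with prepare() instead of concatenating it.
    $deleted = $wpdb->query( $wpdb->prepare(
        "DELETE FROM {$wpdb->prefix}myplugin_backups WHERE id = %d",
        $id
    ) );
    if ( false === $deleted ) {
        wp_send_json_error( 'db error', 500 );
    }
    wp_send_json_success( array( 'deleted' => (int) $deleted ) );
} );
```

The nonce check and the capability check are independent: a handler with only `current_user_can()` is still exposed to CSRF, which is the gap the WPScanTeam edit describes for 4.9.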

