file-manager File Manager <= 4.8 – Multiple Vulnerabilities
Description
The vulnerabilities exist because the plugin does not properly check the user's authentication in its wp_ajax_* action calls. This results in SQL injection, backup download, backup deletion and backup restoration in the backup feature of the plugin. Authentication is required, but the user can hold any role.

Edit (WPScanTeam): Original advisory reported fixed in 4.9; however, 4.9 was missing CSRF checks, which have been added in 5.1.
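The class of flaw described above, shown as a weak wp_ajax_* handler beside a hardened one. This is an added example, not File Manager's code: the action names, nonce name, table name and the choice of the `manage_options` capability are assumptions made for illustration.

```php
<?php
// Hypothetical plugin code written for this example; all example_* names are assumptions.

// wp_ajax_{action} fires for ANY logged-in user, subscribers included.
// Registering the hook is therefore not an access check.
add_action( 'wp_ajax_example_backup_remove', 'example_backup_remove_weak' );
add_action( 'wp_ajax_example_backup_remove_safe', 'example_backup_remove_safe' );

// Weak form: no capability check, no nonce, request value concatenated into SQL.
function example_backup_remove_weak() {
    global $wpdb;
    $id = $_POST['id'];
    $wpdb->query( "DELETE FROM {$wpdb->prefix}example_backups WHERE id = $id" );
    wp_send_json_success();
}

// Hardened form: authorization, CSRF and input handling are each explicit.
function example_backup_remove_safe() {
    global $wpdb;

    // 1. Authorization: being logged in is not enough, require a capability
    //    that only administrators hold.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 2. CSRF: the nonce must have been issued server-side with
    //    wp_create_nonce( 'example_backup_remove' ) and sent back as "nonce".
    //    Third argument false: return the result instead of dying.
    if ( ! check_ajax_referer( 'example_backup_remove', 'nonce', false ) ) {
        wp_send_json_error( 'bad nonce', 403 );
    }

    // 3. Input: force the id to a non-negative integer and reject empty values.
    $id = isset( $_POST['id'] ) ? absint( wp_unslash( $_POST['id'] ) ) : 0;
    if ( 0 === $id ) {
        wp_send_json_error( 'invalid id', 400 );
    }

    // 4. SQL: bind the value through a prepared statement.
    $deleted = $wpdb->query(
        $wpdb->prepare( "DELETE FROM {$wpdb->prefix}example_backups WHERE id = %d", $id )
    );
    wp_send_json_success( array( 'deleted' => (int) $deleted ) );
}
```

When auditing a plugin, list every `wp_ajax_` registration and confirm that each callback reaches both a `current_user_can()` check and a nonce check before touching files or the database.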
