Home/Product/filemanagerpro file manager
Product

filemanagerpro file manager

26 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-14894
< 1.0.0
Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform fil
9.8CRITICAL
 CVE-2025-63678
all versions
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22
7.2HIGH
 CVE-2025-46000
<= 2.5.0
An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allow
6.5MEDIUM
 CVE-2025-46002
<= 2.0.0
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to t
6.5MEDIUM
 CVE-2025-46001
>= 0.8 and <= 1.1
An arbitrary file upload vulnerability in the is_allowed_file_type() function of Filemanager v2.3.0 allows attackers to execute ar
9.8CRITICAL
 CVE-2024-52306
< 2.0.2
FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the m
7.6HIGH
 CVE-2024-8918
< 8.3.10
The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.
7.4HIGH
 CVE-2024-8746
< 8.3.10
The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type va
7.5HIGH
 CVE-2024-8507
< 8.3.10
The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9.
8.8HIGH
 CVE-2018-25105
<= 3.0
The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.ph
9.8CRITICAL
 CVE-2024-7770
< 6.5.6
The Bit File Manager - 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to ar
8.8HIGH
 CVE-2024-7627
>= 6.0 and < 6.5.6
The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' fu
8.1HIGH
 CVE-2024-2654
< 7.2.6
The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_
6.8MEDIUM
 CVE-2024-1538
< 7.2.5
The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. Thi
8.8HIGH
 CVE-2024-0761
<= 7.2.1
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1
8.1HIGH
 CVE-2023-6846
<= 8.3.4
The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via t
8.8HIGH
 CVE-2022-47599
< 6.0.0
Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager - 100% Free & Open Source File Manag
5.5MEDIUM
 CVE-2023-5907
< 6.3
The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set
6.5MEDIUM
 CVE-2021-24177
< 7.1
In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/
5.4MEDIUM
 CVE-2021-20651
all versions
Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overw
9.1CRITICAL
 CVE-2020-25213
< 6.9
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP cod
10.0CRITICAL
 CVE-2020-24312
<= 6.4
mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. T
7.5HIGH
 CVE-2018-16967
all versions
There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_p
6.1MEDIUM
 CVE-2018-16966
all versions
There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_p
8.8HIGH
 CVE-2018-16363
all versions
The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manage
5.4MEDIUM
 CVE-2018-7204
<= 5.0.0
inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/
7.5HIGH
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Coverage report
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns TAXII feed Data sources
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh