Plugin Vulnerability Hub
Plugin 10 known issues Latest disclosed Aug 12, 2025

Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution Vulnerabilities

Review known vulnerability records for the WordPress plugin Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution (`file-manager-advanced`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-0818, CVE-2025-47688 and CVE-2024-13805, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 10
High or Critical: 5
Patch Coverage: 100%
Last Updated: Aug 13, 2025

Priority CVE Quick Links

Fast paths into Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs: 10

CVE-2024-13333 High 5.2.14
CVE-2024-13333 Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution Remote Code Execution

Advanced File Manager 5.2.12 - 5.2.13 - Authenticated (Subscriber+) Arbitrary File Upload

CVE-2024-11391 High 5.2.11
CVE-2024-11391 Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution Remote Code Execution

Advanced File Manager <= 5.2.10 - Authenticated (Subscriber+) Arbitrary File Upload

CVE-2024-8126 High 5.2.9
CVE-2024-8126 Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution Remote Code Execution

Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Arbitrary File Upload

CVE-2024-5598 High 5.2.5
CVE-2024-5598 Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution Sensitive Information Exposure

Advanced File Manager <= 5.2.4 - Sensitive Information Exposure via Directory Listing

CVE-2024-8704 High 5.2.9
CVE-2024-8704 Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution Vulnerability

Advanced File Manager <= 5.2.8 - Authenticated (Administrator+) Local JavaScript File Inclusion via fma_locale

CVE-2024-8725 Medium 5.2.9
CVE-2024-8725 Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution File Upload

Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Limited File Upload

CVE-2023-3814 Medium 5.1.1
CVE-2023-3814 Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution Vulnerability

Advanced File Manager <= 5.1 - Authenticated (Administrator+) Arbitrary File and Folder Access

CVE-2025-0818 Medium 5.4.0
CVE-2025-0818 Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution Vulnerability

Multiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File Deletion

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
10 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 5 high severity findings.
Recent CVEs
CVE-2025-0818, CVE-2025-47688 and CVE-2024-13805
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-0818
CVE-2025-0818: Multiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File Deletion

Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to exp...

Published: Aug 12, 2025
Patched Release: 5.4.0
Affected Versions: Versions up to 5.3.6
Next Step: Update to 5.4.0 or newer if supported.

Plugin Medium Patched: Yes CVE-2025-47688
CVE-2025-47688: Advanced File Manager <= 5.3.1 - Missing Authorization to Notice Dismissal

The Advanced File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in versions up to, and including, 5.3.1. This makes it possible for unauthenticated attackers to dismiss admin notices.

Published: May 07, 2025
Patched Release: 5.3.2
Affected Versions: Versions up to 5.3.1
Next Step: Update to 5.3.2 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-13805
CVE-2024-13805: Advanced File Manager <= 5.2.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload

The Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.2.14 due to insufficient input sanitization and output escaping....

Published: Mar 06, 2025
Patched Release: 5.3.0
Affected Versions: Versions up to 5.2.14
Next Step: Update to 5.3.0 or newer if supported.

Plugin High Patched: Yes CVE-2024-13333
CVE-2024-13333: Advanced File Manager 5.2.12 - 5.2.13 - Authenticated (Subscriber+) Arbitrary File Upload

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and ab...

Published: Jan 16, 2025
Patched Release: 5.2.14
Affected Versions: 5.2.12 through 5.2.13
Next Step: Update to 5.2.14 or newer if supported.

Plugin High Patched: Yes CVE-2024-11391
CVE-2024-11391: Advanced File Manager <= 5.2.10 - Authenticated (Subscriber+) Arbitrary File Upload

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.10. This makes it possible for authenticated attackers, with Subscriber-leve...

Published: Dec 02, 2024
Patched Release: 5.2.11
Affected Versions: Versions up to 5.2.10
Next Step: Update to 5.2.11 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-8725
CVE-2024-8725: Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Limited File Upload

Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. This is due to a lack of proper checks to ensure lower-privileged roles cannot upload .css and .js files to arbitrary directories. This makes it possible for authenticated atta...

Published: Sep 25, 2024
Patched Release: 5.2.9
Affected Versions: Versions up to 5.2.8
Next Step: Update to 5.2.9 or newer if supported.

Plugin High Patched: Yes CVE-2024-8126
CVE-2024-8126: Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Arbitrary File Upload

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permi...

Published: Sep 25, 2024
Patched Release: 5.2.9
Affected Versions: Versions up to 5.2.8
Next Step: Update to 5.2.9 or newer if supported.

Plugin High Patched: Yes CVE-2024-8704
CVE-2024-8704: Advanced File Manager <= 5.2.8 - Authenticated (Administrator+) Local JavaScript File Inclusion via fma_locale

The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the 'fma_locale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include an...

Published: Sep 25, 2024
Patched Release: 5.2.9
Affected Versions: Versions up to 5.2.8
Next Step: Update to 5.2.9 or newer if supported.

Plugin High Patched: Yes CVE-2024-5598
CVE-2024-5598: Advanced File Manager <= 5.2.4 - Sensitive Information Exposure via Directory Listing

The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or...

Published: Jun 28, 2024
Patched Release: 5.2.5
Affected Versions: Versions up to 5.2.4
Next Step: Update to 5.2.5 or newer if supported.

Plugin Medium Patched: Yes CVE-2023-3814
CVE-2023-3814: Advanced File Manager <= 5.1 - Authenticated (Administrator+) Arbitrary File and Folder Access

The Advanced File Manager plugin for WordPress is vulnerable to improper access control in versions up to, and including, 5.1. This makes it possible for authenticated attackers, with administrator-level permissions and above, to access the filesystem on multisite installations. T...

Published: Aug 14, 2023
Patched Release: 5.1.1
Affected Versions: Versions up to 5.1
Next Step: Update to 5.1.1 or newer if supported.