VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 6 known issues Latest disclosed Oct 15, 2024

File Manager Pro Vulnerabilities

Review known vulnerability records for the WordPress plugin File Manager Pro (`wp-file-manager-pro`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-8507, CVE-2024-8746 and CVE-2024-8918, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
6
High or Critical
5
Patch Coverage
100%
Last Updated
Oct 16, 2024
Priority CVE Quick Links

Fast paths into File Manager Pro CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
6
CVE-2024-8507 High 8.3.10
CVE-2024-8507 File Manager Pro Arbitrary File Upload

File Manager Pro <= 8.3.9 - Cross-Site Request Forgery to Arbitrary File Upload

CVE-2024-7559 High 8.3.8
CVE-2024-7559 File Manager Pro Remote Code Execution

File Manager Pro <= 8.3.7 - Authenticated (Subscriber+) Arbitrary File Upload

CVE-2023-6846 High 8.3.5
CVE-2023-6846 File Manager Pro Arbitrary File Upload

File Manager Pro <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Upload

CVE-2024-8746 High 8.3.10
CVE-2024-8746 File Manager Pro Remote Code Execution

File Manager Pro <= 8.3.9 - Unauthenticated Backup File Download and Upload

CVE-2024-8918 High 8.3.10
CVE-2024-8918 File Manager Pro File Upload

File Manager Pro <= 8.3.9 - Unauthenticated Limited JavaScript File Upload

CVE-2023-7015 Medium 8.3.5
CVE-2023-7015 File Manager Pro Cross-Site Scripting

File Manager Pro <= 8.3.4 - Reflected Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for File Manager Pro so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
6 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 5 high severity findings.
Recent CVEs
CVE-2024-8507, CVE-2024-8746 and CVE-2024-8918
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for File Manager Pro

Sorted by latest disclosure date so newly published issues surface first.

Plugin High Patched: Yes CVE-2024-8507
CVE-2024-8507: File Manager Pro <= 8.3.9 - Cross-Site Request Forgery to Arbitrary File Upload

The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. This is due to missing or incorrect nonce validation on the 'mk_file_folder_manager' ajax action. This makes it possible for unauthenticated attacker...

Published
Oct 15, 2024
Patched Release
8.3.10
Affected Versions
Versions up to 8.3.9
Next Step
Update to 8.3.10 or newer if supported.
Open CVE-2024-8507 Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-8746
CVE-2024-8746: File Manager Pro <= 8.3.9 - Unauthenticated Backup File Download and Upload

The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mk_file_folder_manager_shortcode' ajax action in all versions up to, and including, 8.3.9. This makes it possible for unauthenticate...

Published
Oct 15, 2024
Patched Release
8.3.10
Affected Versions
Versions up to 8.3.9
Next Step
Update to 8.3.10 or newer if supported.
Open CVE-2024-8746 Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-8918
CVE-2024-8918: File Manager Pro <= 8.3.9 - Unauthenticated Limited JavaScript File Upload

The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. This is due to a lack of proper checks on allowed file types. This makes it possible for unauthenticated attackers, with permissions granted by a...

Published
Oct 15, 2024
Patched Release
8.3.10
Affected Versions
Versions up to 8.3.9
Next Step
Update to 8.3.10 or newer if supported.
Open CVE-2024-8918 Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-7559
CVE-2024-7559: File Manager Pro <= 8.3.7 - Authenticated (Subscriber+) Arbitrary File Upload

The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk_file_folder_manager AJAX action in all versions up to, and including, 8.3.7. This makes it possible for authenticated attackers, w...

Published
Aug 22, 2024
Patched Release
8.3.8
Affected Versions
Versions up to 8.3.7
Next Step
Update to 8.3.8 or newer if supported.
Open CVE-2024-7559 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-7015
CVE-2023-7015: File Manager Pro <= 8.3.4 - Reflected Cross-Site Scripting

The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

Published
Feb 20, 2024
Patched Release
8.3.5
Affected Versions
Versions up to 8.3.4
Next Step
Update to 8.3.5 or newer if supported.
Open CVE-2023-7015 Report Open CVE Reference
Plugin High Patched: Yes CVE-2023-6846
CVE-2023-6846: File Manager Pro <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Upload

The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute cod...

Published
Jan 24, 2024
Patched Release
8.3.5
Affected Versions
Versions up to 8.3.4
Next Step
Update to 8.3.5 or newer if supported.
Open CVE-2023-6846 Report Open CVE Reference