cleantalk
Vulnerabilities and Security Researches

File Manager Pro – Filester, CVE-2024-12331

CVE, Research URL

CVE-2024-12331

Home page URL

Security reports for File Manager Pro – Filester

Application

File Manager Pro – Filester

Published on
Dec 19, 2024
Research Description
The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the Filebird plugin.
Affected versions
Min -, max 1.8.7.
Status
vulnerable
Previous vulnerability researches
File Manager Pro – Filester (CVE-2023-4861) , Jun 07, 2024
File Manager Pro – Filester (CVE-2023-4827) , Jun 07, 2024
File Manager Pro – Filester (CVE-2023-4862) , Jun 07, 2024
File Manager Pro – Filester (CVE-2025-52710) , Jul 03, 2025
File Manager Pro – Filester (CVE-2025-3234) , Jun 14, 2025
New vulnerability
IS-theme-companion (CVE-2025-53277) , Jul 04, 2025
Lead Form Data Collection to CRM (CVE-2025-5692) , Jul 04, 2025
Drive Folder Embedder (CVE-2025-6546) , Jul 04, 2025
WP Roadmap – Product Feedback Board (CVE-2025-52822) , Jul 04, 2025
WP Wall (CVE-2025-28968) , Jul 04, 2025