cleantalk
Vulnerabilities and Security Researches

File Manager Pro – Filester, CVE-2024-7031

CVE, Research URL

CVE-2024-7031

Home page URL

Security reports for File Manager Pro – Filester

Application

File Manager Pro – Filester

Published on
Aug 03, 2024
Research Description
The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njt_fs_saveSettingRestrictions' function in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with a role that has been granted permissions by an Administrator, to update the plugin settings for user role restrictions, including allowing file types such as .php to be uploaded.
Affected versions
Min -, max 1.8.3.
Status
vulnerable
Previous vulnerability researches
File Manager Pro – Filester (CVE-2023-4861) , Jun 07, 2024
File Manager Pro – Filester (CVE-2023-4827) , Jun 07, 2024
File Manager Pro – Filester (CVE-2023-4862) , Jun 07, 2024
File Manager Pro – Filester (CVE-2025-52710) , Jul 03, 2025
File Manager Pro – Filester (CVE-2025-3234) , Jun 14, 2025
New vulnerability
IS-theme-companion (CVE-2025-53277) , Jul 04, 2025
Lead Form Data Collection to CRM (CVE-2025-5692) , Jul 04, 2025
Drive Folder Embedder (CVE-2025-6546) , Jul 04, 2025
WP Roadmap – Product Feedback Board (CVE-2025-52822) , Jul 04, 2025
WP Wall (CVE-2025-28968) , Jul 04, 2025