cleantalk
Vulnerabilities and Security Researches

File Manager Pro – Filester, CVE-2024-8066

CVE, Research URL

CVE-2024-8066

Home page URL

Security reports for File Manager Pro – Filester

Application

File Manager Pro – Filester

Published on
Nov 28, 2024
Research Description
The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload a new .htaccess file allowing them to subsequently upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
Min -, max 1.8.5.
Status
vulnerable
Previous vulnerability researches
File Manager Pro – Filester (CVE-2023-4861) , Jun 07, 2024
File Manager Pro – Filester (CVE-2023-4827) , Jun 07, 2024
File Manager Pro – Filester (CVE-2023-4862) , Jun 07, 2024
File Manager Pro – Filester (CVE-2025-52710) , Jul 03, 2025
File Manager Pro – Filester (CVE-2025-3234) , Jun 14, 2025
New vulnerability
IS-theme-companion (CVE-2025-53277) , Jul 04, 2025
Lead Form Data Collection to CRM (CVE-2025-5692) , Jul 04, 2025
Drive Folder Embedder (CVE-2025-6546) , Jul 04, 2025
WP Roadmap – Product Feedback Board (CVE-2025-52822) , Jul 04, 2025
WP Wall (CVE-2025-28968) , Jul 04, 2025