7.5
CVE-2024-5598
- EPSS 0.56%
- Veröffentlicht 29.06.2024 05:15:02
- Zuletzt bearbeitet 08.04.2026 18:22:09
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginAdvanced File Manager <= 5.2.4 - Sensitive Information Exposure via Directory Listing
Advanced File Manager <= 5.2.4 - Sensitive Information Exposure via Directory Listing
The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive information if the files have been moved to the built-in Trash folder.
Mögliche Gegenmaßnahme
Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution: Update to version 5.2.5, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Advancedfilemanager ≫ Advanced File Manager SwPlatformwordpress Version < 5.2.5
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution
Version
*-5.2.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.56% | 0.421 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-922 Insecure Storage of Sensitive Information
The product stores sensitive information without properly limiting read or write access by unauthorized actors.
https://plugins.trac.wordpress.org/browser/file-manager-advanced/trunk/application/class_fma_connector.php#L13
https://plugins.trac.wordpress.org/changeset/3107587/
https://www.wordfence.com/threat-intel/vulnerabilities/id/9d4ff5ed-8857-46b8-942b-ac0f47880a95?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/9d4ff5ed-8857-46b8-942b-ac0f47880a95