Unauthorized Data Modification Vulnerability in WordPress File Manager Pro Plugin
CVE-2024-12331
4.3MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 19 December 2024
What is CVE-2024-12331?
CVE-2024-12331 describes a critical security vulnerability in the File Manager Pro - Filester plugin for WordPress. This flaw arises from a missing capability check in the 'ajax_install_plugin' function in all versions up to and including 1.8.6. As a result, authenticated attackers with Subscriber-level or higher access can exploit this vulnerability to install the Filebird plugin without proper authorization, potentially leading to unauthorized changes and breaches. Website administrators are strongly advised to update their plugin versions to ensure website integrity and security.
Affected Version(s)
File Manager Pro – Filester * <= 1.8.6