Arbitrary File Inclusion Vulnerability in Advanced File Manager Plugin for WordPress
CVE-2024-8704
7.2 HIGH
What is CVE-2024-8704?
The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to and including 5.2.8. The flaw can be exploited by authenticated users with Administrator-level access. By manipulating the 'fma_locale' parameter, an attacker can include and execute arbitrary files on the server, leading to unauthorized execution of PHP code. The risks include bypassing access controls and exposing sensitive data, particularly where file uploads can be leveraged. Users and administrators are urged to review their plugin versions and implement necessary security measures.
Affected Version(s)
Advanced File Manager * <= 5.2.8
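For log review on sites that ran an affected version, the following added example (not code from the plugin or from this advisory) flags access-log requests whose 'fma_locale' value is not shaped like a locale tag. It assumes the parameter appears in the query string of a combined-format access log and that legitimate values look like "en" or "pt_BR"; values sent in a POST body will not appear in such logs. The log lines, URL path and addresses are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: a legitimate value is a locale tag such as "en", "pt_BR" or "zh-TW".
LOCALE_RE = re.compile(r"[A-Za-z]{2,3}(?:[_-][A-Za-z0-9]{2,8})?")
# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so a double-encoded value is seen in clear."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_fma_locale(log_line):
    """Return decoded fma_locale values in one log line that are not locale-shaped."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    query = urlsplit(m.group(1)).query
    values = parse_qs(query, keep_blank_values=True).get("fma_locale", [])
    return [v for v in map(fully_decode, values) if not LOCALE_RE.fullmatch(v)]

def scan(lines):
    """Yield (line_number, bad_values) for every flagged log line."""
    for n, line in enumerate(lines, 1):
        bad = suspicious_fma_locale(line)
        if bad:
            yield n, bad

# Constructed sample log lines: path, address and parameter values are made up.
_P = '203.0.113.5 - - [01/Oct/2024:10:00:00 +0000] "GET /wp-admin/admin.php?page=example'
_S = ' HTTP/1.1" 200 512'
SAMPLE_LOG = [
    _P + "&fma_locale=en" + _S,
    _P + "&fma_locale=pt_BR" + _S,
    _P + "&fma_locale=..%2F..%2Ftmp%2Fx" + _S,
    _P + "&fma_locale=%252e%252e%252fx" + _S,
    _P + _S,
]

if __name__ == "__main__":
    for n, bad in scan(SAMPLE_LOG):
        print(f"line {n}: unexpected fma_locale value(s): {bad}")
```

A hit is a lead for review rather than proof of exploitation; correlate it with the authenticated administrator session that made the request.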