WordPress Plugin Vulnerabilities

File Manager <= 4.1.4 - Cross-Site Request Forgery (CSRF) Arbitrary File Upload

Description

The File Manager WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) Arbitrary File Upload security vulnerability.

Affects Plugins

Plugin icon
file-manager
Fixed in 4.1.5

References

URL
https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_file_manager_wordpress_plugin.html
URL
https://seclists.org/bugtraq/2017/Feb/57

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
f6bbf490-a77a-45f2-bb7d-6d8e5e237f42

Timeline

Publicly Published
2017-03-01 (about 9 years ago)
Added
2017-03-20 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2025-08-21
Title
Super Store Finder <= 7.5 - Cross-Site Request Forgery
Published
2022-07-07
Title
Progressive License <= 1.1.0 - CSRF to Stored XSS
Published
2014-08-01
Title
foursquare-checkins - CSRF
Published
2025-04-04
Title
Table Block by RioVizual < 2.3.2 - Cross-Site Request Forgery
Published
2023-04-24
Title
WP BrowserUpdate < 4.5 - Settings Update via CSRF