Web application abuses : WordPress File Manager Plugin

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.124732

Kategorie: Web application abuses

Titel: WordPress File Manager Plugin < 7.2.5 CSRF Vulnerability

Zusammenfassung: The WordPress plugin 'File Manager' is prone to a cross-site; request forgery (CSRF) vulnerability.

Beschreibung: Summary:
The WordPress plugin 'File Manager' is prone to a cross-site
request forgery (CSRF) vulnerability.

Vulnerability Insight:
The File Manager plugin for WordPress is vulnerable to
cross-site request forgery due to incorrect nonce validation on the wp_file_manager page
that includes files through the 'lang' parameter.

Affected Software/OS:
WordPress File Manager plugin prior to version 7.2.5.

Solution:
Update to version 7.2.5 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2024-1538
https://plugins.trac.wordpress.org/changeset/3051451/wp-file-manager
https://www.wordfence.com/threat-intel/vulnerabilities/id/57cc15a6-2cf5-481f-bb81-ada48aa74009?source=cve

Copyright Copyright (C) 2025 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.124732
Kategorie:	Web application abuses
Titel:	WordPress File Manager Plugin < 7.2.5 CSRF Vulnerability
Zusammenfassung:	The WordPress plugin 'File Manager' is prone to a cross-site; request forgery (CSRF) vulnerability.
Beschreibung:	Summary: The WordPress plugin 'File Manager' is prone to a cross-site request forgery (CSRF) vulnerability. Vulnerability Insight: The File Manager plugin for WordPress is vulnerable to cross-site request forgery due to incorrect nonce validation on the wp_file_manager page that includes files through the 'lang' parameter. Affected Software/OS: WordPress File Manager plugin prior to version 7.2.5. Solution: Update to version 7.2.5 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2024-1538 https://plugins.trac.wordpress.org/changeset/3051451/wp-file-manager https://www.wordfence.com/threat-intel/vulnerabilities/id/57cc15a6-2cf5-481f-bb81-ada48aa74009?source=cve
Copyright	Copyright (C) 2025 Greenbone AG