← Back

Library File Manager

library_file_manager

Vendor: Wpjos • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2017-20091
1Wpjos
1Library File Manager
Nov 21, 2024
Jun 23, 2022
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
A vulnerability was found in File Manager Plugin 3.0.1. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack rem...Show more
A vulnerability was found in File Manager Plugin 3.0.1. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely.Show less
CVE-2022-0403
1Wpjos
1Library File Manager
Jun 17, 2026
Apr 4, 2022
N/A· v4
8.1 HIGH· v3
5.5 MEDIUM· v2
The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is know to be affected by security issues (CVE-2021-32682), and does not have any authorisation as well a...Show more
The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is know to be affected by security issues (CVE-2021-32682), and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any authenticated users, such as subscriber to call it. Furthermore, as the options passed to the elFinder library does not restrict any file type, users with a role as low as subscriber can Create/Upload/Delete Arbitrary files and folders.Show less