CVE-2024-7031

HIGH

File Manager Pro - Filester <= 1.8.2 - Authenticated Arbitrary Setting Modification via njt_fs_saveSettingRestrictions

Title source: llm
STIX 2.1

Description

The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njt_fs_saveSettingRestrictions' function in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with a role that has been granted permissions by an Administrator, to update the plugin settings for user role restrictions, including allowing file types such as .php to be uploaded.

Scores

CVSS v3 7.5
EPSS 0.0062
EPSS Percentile 45.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-862
Status published
Products (2)
ninjateam/File Manager Pro – Filester < 1.8.2
ninjateam/filester < 1.8.3
Published Aug 03, 2024
Tracked Since Feb 18, 2026