Dmitrii

**Name of the Vulnerable Software and Affected Versions** Mmm Simple File List WordPress plugin versions prior to 2.3 **Description** The issue allows any authenticated users, such as subscribers, to list the content of arbitrary directories due to a lack of validation in the generated path. **Recommendations** For versions prior to 2.3, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Prevent files / folders access WordPress plugin versions prior to 2.5.2 **Description** The issue concerns the failure to validate files to be uploaded, potentially allowing attackers to upload arbitrary files, such as PHP files, to the server. **Recommendations** For versions prior to 2.5.2, update to version 2.5.2 or later to resolve the issue. As a temporary workaround, consider restricting file upload capabilities until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** FileOrganizer WordPress plugin versions 1.0.2 and earlier **Description** The issue allows site admins to gain full control over the server in multisite instances due to a lack of functionality restriction. This can potentially lead to attackers manipulating the root folder and accessing sensitive system directories via path traversal. **Recommendations** For FileOrganizer WordPress plugin versions 1.0.2 and earlier, consider disabling the plugin until a patch is available to restrict functionality on multisite instances and prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advanced File Manager WordPress plugin versions prior to 5.1.1 **Description** The issue allows site admin users to list and read arbitrary files and folders on the server due to inadequate authorization on multisite installations. **Recommendations** For versions prior to 5.1.1, update to version 5.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality on multisite installations to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** POEditor WordPress plugin versions prior to 0.9.8 **Description** The issue is related to the lack of CSRF checks in various places within the plugin, allowing attackers to perform unwanted actions on logged-in admins, such as resetting the plugin's settings and updating its API key via CSRF attacks. **Recommendations** For versions prior to 0.9.8, update to version 0.9.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings and API key management features to minimize the risk of exploitation.