CVE-2024-5598

Name of the Vulnerable Software and Affected Versions Advanced File Manager plugin for WordPress versions up to, and including, 5.2.4

Description The issue allows unauthenticated attackers to extract sensitive data, including backups or other sensitive information, if the files have been moved to the built-in Trash folder. This is possible via the fma local file system function.

Recommendations For versions up to, and including, 5.2.4, consider disabling the fma local file system function until a patch is available to prevent sensitive information exposure. Restrict access to the built-in Trash folder to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.