CVE-2024-8066

Name of the Vulnerable Software and Affected Versions: File Manager Pro – Filester plugin for WordPress versions up to, and including, 1.8.6

Description: The issue is related to arbitrary file uploads due to missing validation in the fsConnector function. This allows authenticated attackers with Subscriber-level access and above, and granted permissions by an Administrator, to upload a new .htaccess file, which may subsequently enable them to upload arbitrary files on the affected site's server, potentially making remote code execution possible.

Recommendations: For versions up to, and including, 1.8.6, update to a version higher than 1.8.6 to resolve the issue. As a temporary workaround, consider disabling the fsConnector function until a patch is available. Restrict access to the File Manager Pro – Filester plugin to minimize the risk of exploitation.