CVE-2024-5598: 
WordPress vulnerability analysis and mitigation

The Advanced File Manager plugin for WordPress contains a Sensitive Information Exposure vulnerability (CVE-2024-5598) affecting all versions up to and including 5.2.4. The vulnerability was discovered on June 28, 2024, and publicly disclosed on June 29, 2024. This security issue impacts the WordPress plugin's file management functionality (NVD, Wordfence).

The vulnerability exists in the 'fmalocalfile_system' function of the plugin. It allows unauthenticated attackers to access sensitive data, particularly when files have been moved to the built-in Trash folder. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High) with the vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (NVD).

The vulnerability enables unauthorized attackers to extract sensitive data, including potential backup files and other confidential information stored in the plugin's Trash folder. This exposure of sensitive information could lead to unauthorized access to private data and potential system compromise (Wordfence).

A patch has been released to address this vulnerability. Users should upgrade to version 5.2.5 or later of the Advanced File Manager plugin to mitigate the risk (WordPress Plugin).