Known Vulnerabilities for Elfinder by Studio42
Listed below are 8 of the newest known vulnerabilities associated with "Elfinder" by "Studio42".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-44521 json | elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.68, an authenticated SQL... | Not Provided | 2026-05-27 | 2026-05-27 |
| CVE-2026-44260 json | efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the |
Not Provided | 2026-05-12 | 2026-05-13 |
| CVE-2026-41247 json | elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.67, elFinder contains a ... | Not Provided | 2026-04-23 | 2026-04-25 |
| CVE-2026-34415 json | Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connecto... | Not Provided | 2026-04-22 | 2026-04-24 |
| CVE-2026-34414 json | Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector end... | Not Provided | 2026-04-22 | 2026-04-24 |
| CVE-2026-34413 json | Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endp... | Not Provided | 2026-04-22 | 2026-04-24 |
| CVE-2024-38909 json | Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between ser... | Not Provided | 2024-07-30 | 2026-07-09 |
| CVE-2023-54350 json | WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unaut... | Not Provided | 2026-06-08 | 2026-06-08 |