All the vulnerabilites related to mndpsingh287 - File Manager
cve-2023-6825
Vulnerability from cvelistv5
Published
2024-03-13 15:27
Modified
2024-08-08 17:56
Severity ?
EPSS score ?
Summary
The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function. This makes it possible for attackers to read the contents of arbitrary files on the server, which can contain sensitive information and to upload files into directories other than the intended directory for file uploads. The free version requires Administrator access for this vulnerability to be exploitable. The Pro version allows a file manager to be embedded via a shortcode and also allows admins to grant file handling privileges to other user levels, which could lead to this vulnerability being exploited by lower-level users.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| mndpsingh287 | File Manager | |
| File Manager | File Manager Pro |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/93f377a1-2c33-4dd7-8fd6-190d9148e804?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Studio-42/elFinder/blob/master/php/elFinderVolumeDriver.class.php#L6784"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3023403%40wp-file-manager%2Ftrunk\u0026old=2984933%40wp-file-manager%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:file_manager_project:file_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "file_manager",
"vendor": "file_manager_project",
"versions": [
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:filemanagerpro:file_manager_pro:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "file_manager_pro",
"vendor": "filemanagerpro",
"versions": [
{
"lessThanOrEqual": "8.3.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T17:49:43.088152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T17:56:15.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "File Manager",
"vendor": "mndpsingh287",
"versions": [
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "File Manager Pro",
"vendor": "File Manager",
"versions": [
{
"lessThanOrEqual": "8.3.4",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tobias Wei\u00dfhaar"
}
],
"descriptions": [
{
"lang": "en",
"value": "The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function. This makes it possible for attackers to read the contents of arbitrary files on the server, which can contain sensitive information and to upload files into directories other than the intended directory for file uploads. The free version requires Administrator access for this vulnerability to be exploitable. The Pro version allows a file manager to be embedded via a shortcode and also allows admins to grant file handling privileges to other user levels, which could lead to this vulnerability being exploited by lower-level users."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-23 Relative Path Traversal",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T15:27:05.576Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/93f377a1-2c33-4dd7-8fd6-190d9148e804?source=cve"
},
{
"url": "https://github.com/Studio-42/elFinder/blob/master/php/elFinderVolumeDriver.class.php#L6784"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3023403%40wp-file-manager%2Ftrunk\u0026old=2984933%40wp-file-manager%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-04T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6825",
"datePublished": "2024-03-13T15:27:05.576Z",
"dateReserved": "2023-12-14T18:54:26.691Z",
"dateUpdated": "2024-08-08T17:56:15.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-0818
Vulnerability from cvelistv5
Published
2025-08-13 03:42
Modified
2025-08-13 03:42
Severity ?
EPSS score ?
Summary
Multiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File Deletion
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "File Manager Pro \u2013 Filester",
"vendor": "ninjateam",
"versions": [
{
"lessThanOrEqual": "1.8.9",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Advanced File Manager \u2013 Ultimate WP File Manager And Document Library Solution",
"vendor": "saadiqbal",
"versions": [
{
"lessThanOrEqual": "5.3.6",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "File Manager",
"vendor": "mndpsingh287",
"versions": [
{
"lessThanOrEqual": "8.4.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kevin Wydler"
}
],
"descriptions": [
{
"lang": "en",
"value": "Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an instance of the file manager available to users."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T03:42:04.514Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2a166de-3bdf-4883-91ba-655f2757c53b?source=cve"
},
{
"url": "https://github.com/Studio-42/elFinder"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-file-manager/trunk/lib/php/elFinder.class.php"
},
{
"url": "https://plugins.trac.wordpress.org/browser/file-manager-advanced/trunk/application/library/php/elFinder.class.php#L5411"
},
{
"url": "https://plugins.trac.wordpress.org/browser/filester/trunk/includes/File_manager/lib/php/elFinder.class.php#L5378"
},
{
"url": "https://github.com/Studio-42/elFinder/blob/master/php/elFinder.class.php#L5367"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3319016/filester"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3335715/file-manager-advanced/trunk/application/library/php/elFinder.class.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-28T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-08-12T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Multiple elFinder Plugins \u003c= (Various Versions) - Directory Traversal to Arbitrary File Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-0818",
"datePublished": "2025-08-13T03:42:04.514Z",
"dateReserved": "2025-01-28T21:23:43.968Z",
"dateUpdated": "2025-08-13T03:42:04.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-37254
Vulnerability from cvelistv5
Published
2024-11-01 14:18
Modified
2024-11-01 16:04
Severity ?
EPSS score ?
Summary
WordPress WP File Manager plugin <= 7.2.7 - Broken Access Control vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| mndpsingh287 | File Manager |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-01T16:04:22.422813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T16:04:34.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-file-manager",
"product": "File Manager",
"vendor": "mndpsingh287",
"versions": [
{
"changes": [
{
"at": "7.2.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.7",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in mndpsingh287 File Manager allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects File Manager: from n/a through 7.2.7.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in mndpsingh287 File Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Manager: from n/a through 7.2.7."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T14:18:29.286Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/wp-file-manager/wordpress-wp-file-manager-plugin-7-2-7-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 7.2.8 or a higher version."
}
],
"value": "Update to 7.2.8 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress WP File Manager plugin \u003c= 7.2.7 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-37254",
"datePublished": "2024-11-01T14:18:29.286Z",
"dateReserved": "2024-06-04T16:46:44.986Z",
"dateUpdated": "2024-11-01T16:04:34.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-0761
Vulnerability from cvelistv5
Published
2024-02-05 21:21
Modified
2025-06-17 21:29
Severity ?
EPSS score ?
Summary
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract sensitive data including site backups in configurations where the .htaccess file in the directory does not block access.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| mndpsingh287 | File Manager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1928f8e4-8bbe-4a3f-8284-aa12ca2f5176?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/wp-file-manager/"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3023403/wp-file-manager/trunk/file_folder_manager.php?old=2984933\u0026old_path=wp-file-manager%2Ftrunk%2Ffile_folder_manager.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0761",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T18:06:32.772273Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:29:25.417Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "File Manager",
"vendor": "mndpsingh287",
"versions": [
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yuki Haruma"
}
],
"descriptions": [
{
"lang": "en",
"value": "The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract sensitive data including site backups in configurations where the .htaccess file in the directory does not block access."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-05T21:21:34.656Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1928f8e4-8bbe-4a3f-8284-aa12ca2f5176?source=cve"
},
{
"url": "https://wordpress.org/plugins/wp-file-manager/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3023403/wp-file-manager/trunk/file_folder_manager.php?old=2984933\u0026old_path=wp-file-manager%2Ftrunk%2Ffile_folder_manager.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-22T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-0761",
"datePublished": "2024-02-05T21:21:34.656Z",
"dateReserved": "2024-01-19T20:27:12.161Z",
"dateUpdated": "2025-06-17T21:29:25.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-25105
Vulnerability from cvelistv5
Published
2024-10-16 06:43
Modified
2024-10-16 17:09
Severity ?
EPSS score ?
Summary
File Manager <= 3.0 - Unauthenticated Arbitrary File Upload/Download
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| mndpsingh287 | File Manager |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mndpsingh287:file_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "file_manager",
"vendor": "mndpsingh287",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25105",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T17:07:49.767498Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T17:09:15.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "File Manager",
"vendor": "mndpsingh287",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary files that can be used for remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T06:43:38.894Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a56d5a2f-ae13-4523-bc4a-17bb2fb4c6f0?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=1942390%40wp-file-manager\u0026new=1942390%40wp-file-manager\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2018-09-17T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "File Manager \u003c= 3.0 - Unauthenticated Arbitrary File Upload/Download"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2018-25105",
"datePublished": "2024-10-16T06:43:38.894Z",
"dateReserved": "2024-10-15T18:07:53.872Z",
"dateUpdated": "2024-10-16T17:09:15.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-1538
Vulnerability from cvelistv5
Published
2024-03-21 03:32
Modified
2024-08-05 20:10
Severity ?
EPSS score ?
Summary
The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wp_file_manager page that includes files through the 'lang' parameter. This makes it possible for unauthenticated attackers to include local JavaScript files that can be leveraged to achieve RCE via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This issue was partially patched in version 7.2.4, and fully patched in 7.2.5.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| mndpsingh287 | File Manager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:40:21.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/57cc15a6-2cf5-481f-bb81-ada48aa74009?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3051451/wp-file-manager"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mndpsingh287:file_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "file_manager",
"vendor": "mndpsingh287",
"versions": [
{
"lessThanOrEqual": "7.2.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1538",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T20:08:49.659654Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T20:10:01.569Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "File Manager",
"vendor": "mndpsingh287",
"versions": [
{
"lessThanOrEqual": "7.2.4",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Daniel Holley"
}
],
"descriptions": [
{
"lang": "en",
"value": "The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wp_file_manager page that includes files through the \u0027lang\u0027 parameter. This makes it possible for unauthenticated attackers to include local JavaScript files that can be leveraged to achieve RCE via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This issue was partially patched in version 7.2.4, and fully patched in 7.2.5."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-21T03:32:42.789Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/57cc15a6-2cf5-481f-bb81-ada48aa74009?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3051451/wp-file-manager"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-20T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-1538",
"datePublished": "2024-03-21T03:32:42.789Z",
"dateReserved": "2024-02-15T15:53:38.014Z",
"dateUpdated": "2024-08-05T20:10:01.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-2654
Vulnerability from cvelistv5
Published
2024-04-09 18:59
Modified
2025-02-26 18:09
Severity ?
EPSS score ?
Summary
The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the server, which can contain sensitive information.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| mndpsingh287 | File Manager |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-2654",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-11T17:02:21.174260Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35 Path Traversal: \u0027.../...//\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T18:09:02.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:18:48.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca98fbc6-8cfa-4997-8a46-344afb75a97e?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/wp-file-manager/trunk/file_folder_manager.php#L1353"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3062387/wp-file-manager/trunk?contextall=1\u0026old=3051451\u0026old_path=%2Fwp-file-manager%2Ftrunk"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "File Manager",
"vendor": "mndpsingh287",
"versions": [
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abdelnour Osman"
}
],
"descriptions": [
{
"lang": "en",
"value": "The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the server, which can contain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-35 Path Traversal: \u0027.../...//\u0027",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T18:59:21.868Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca98fbc6-8cfa-4997-8a46-344afb75a97e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-file-manager/trunk/file_folder_manager.php#L1353"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3062387/wp-file-manager/trunk?contextall=1\u0026old=3051451\u0026old_path=%2Fwp-file-manager%2Ftrunk"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-03T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-2654",
"datePublished": "2024-04-09T18:59:21.868Z",
"dateReserved": "2024-03-19T15:26:37.155Z",
"dateUpdated": "2025-02-26T18:09:02.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}