Unauthorized File Access possible in File Manager Plugin for WordPress
CVE-2018-25105
9.8CRITICAL
Key Information:
- Vendor
- Mndpsingh287
- Status
- File Manager
- Vendor
- CVE Published:
- 16 October 2024
Summary
The File Manager plugin for WordPress presents a significant security risk due to a lack of necessary capability checks in the /inc/root.php file. This vulnerability allows unauthorized users to access and download sensitive files from the server. Moreover, it enables these attackers to upload potentially malicious files that could facilitate remote code execution. The affected versions include all releases up to and including 3.0, leaving numerous WordPress installations at risk if not promptly updated.
Affected Version(s)
File Manager * <= 3.0
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved