Remote Code Execution in File Manager Plugin for WordPress
CVE-2020-25213
Key Information:
- Vendor
Wordpress
- Status
- Vendor
- CVE Published:
- 9 September 2020
Badges
What is CVE-2020-25213?
The File Manager plugin for WordPress prior to version 6.9 contains a vulnerability that permits remote attackers to upload and execute arbitrary PHP code. The issue arises from the renaming of an insecure example elFinder connector file to have a .php extension. This flaw facilitates attackers to leverage elFinder commands such as upload, mkfile, and put, which allows them to write PHP scripts into the wp-content/plugins/wp-file-manager/lib/files/ directory. The vulnerability was notably exploited in the wild during August and September 2020, impacting numerous WordPress sites and highlighting the critical importance of timely updates and security practices.
CISA has reported CVE-2020-25213
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2020-25213 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply updates per vendor instructions.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
94% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
- π¦
CISA Reported
Vulnerability published
Vulnerability Reserved