WordPress File Manager Plugin <= 5.2.7 is vulnerable to PHP Object Injection
CVE-2022-47599

5.5MEDIUM

Key Information:

Vendor: WordPress
Status: File Manager – 100% Free & Open Source File Manager Plugin For WordPress | Bit File Manager
Vendor: CVE Published:; 20 December 2023

What is CVE-2022-47599?

Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager.This issue affects File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager: from n/a through 5.2.7.

Affected Version(s)

File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager <= 5.2.7

References

https://patchstack.com/database/vulnerability/file-manage...

vdb-entry

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2023
Vulnerability Reserved
Dec 20, 2022

Credit

rezaduty (Patchstack Alliance)