Directory Traversal Vulnerability in WordPress File Manager by Studio 42
CVE-2023-6825

9.9CRITICAL

Key Information:

Vendor: Wordpress
Status: File Manager; File Manager Pro
Vendor: CVE Published:; 13 March 2024

Summary

The File Manager and File Manager Pro plugins for WordPress contain a vulnerability that allows for directory traversal, exposing sensitive files on the server. This occurs due to improper validation of the target parameter within the mk_file_folder_manager_action_callback_shortcode function. Attackers can potentially access and read files located outside the intended directory, including sensitive configuration files. In the free version, administrator privileges are required for successful exploitation, while the Pro version's design permits file handling to be embedded via a shortcode. This problem is exacerbated by the ability of admins to assign file handling capabilities to lower-level users, making it easier for them to exploit this vulnerability.

Affected Version(s)

File Manager * <= 7.2.1

File Manager Pro * <= 8.3.4

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://github.com/Studio-42/elFinder/blob/master/php/elF...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 13, 2024
Vulnerability Reserved
Dec 14, 2023

Credit

Tobias Weißhaar