Temporary File Vulnerability Affects Bit File Manager WordPress Plugin
CVE-2024-7627

8.1HIGH

Key Information:

Vendor: Wordpress
Status: Bit File Manager – 100% Free & Open Source File Manager And Code Editor For WordPress
Vendor: CVE Published:; 5 September 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The Bit File Manager plugin for WordPress has a vulnerability that allows remote code execution. This issue arises from the 'checkSyntax' function, which inadequately validates files before creating a temporary file in a publicly accessible directory. As a result, if an administrator has granted Guest User read permissions, unauthenticated attackers can potentially execute arbitrary code on the server. Website owners using the affected versions of this plugin should take immediate action to secure their sites against this vulnerability.

Affected Version(s)

Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress 6.0 <= 6.5.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-7627-PoC
Created by siunam321

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/file-manager/t...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Jan 8, 2025
👾
Exploit known to exist
Jan 8, 2025
Vulnerability published
Sep 5, 2024
Vulnerability Reserved
Aug 8, 2024

Credit

TANG Cheuk Hei