Sensitive Information Exposure in Managefy File Manager Plugin for WordPress
CVE-2025-10744

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: File Manager, Code Editor, And Backup By Managefy
Vendor: CVE Published:; 1 October 2025

What is CVE-2025-10744?

The File Manager, Code Editor, and Backup by Managefy plugin for WordPress contains a vulnerability that allows unauthorized access to sensitive data through publicly exposed log files. This exposure can lead to the disclosure of full paths and details about backup files, providing potential attackers with critical system information that could be exploited for further attacks. It is crucial for users of this plugin to address this issue promptly to secure their installations.

Affected Version(s)

File Manager, Code Editor, and Backup by Managefy * <= 1.6.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/softdiscover-d...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 1, 2025
Vulnerability Reserved
Sep 19, 2025

Credit

Aurélien BOURDOIS

JSON