Arbitrary File Upload Vulnerability in File Manager Pro – Filester Plugin for WordPress
CVE-2025-3234

7.2 HIGH

Key Information:

Vendor: WordPress
CVE Published: 14 June 2025

What is CVE-2025-3234?

The File Manager Pro – Filester plugin for WordPress contains a vulnerability that allows authenticated users with Administrator-level access to upload arbitrary files. Due to a lack of proper file type validation, this flaw can lead to unauthorized file uploads on the server. This poses a significant risk as it can potentially enable remote code execution. Moreover, the ability for administrators to grant file manager privileges to users with lower access levels, such as subscribers, exacerbates the impact of this vulnerability on affected sites.

Affected Version(s)

File Manager Pro – Filester * <= 1.8.8

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Credit

TANG Cheuk Hei