Arbitrary File Upload Vulnerability in File Manager Pro – Filester Plugin for WordPress
CVE-2025-3234

7.2HIGH

Key Information:

Vendor: WordPress
Status: File Manager Pro – Filester
Vendor: CVE Published:; 14 June 2025

What is CVE-2025-3234?

The File Manager Pro – Filester plugin for WordPress contains a vulnerability that allows authenticated users with Administrator-level access to upload arbitrary files. Due to a lack of proper file type validation, this flaw can lead to unauthorized file uploads on the server. This poses a significant risk as it can potentially enable remote code execution. Moreover, the ability for administrators to grant file manager privileges to users with lower access levels, such as subscribers, exacerbates the impact of this vulnerability on affected sites.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

File Manager Pro – Filester * <= 1.8.8

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2025
Vulnerability Reserved
Apr 3, 2025

Credit

TANG Cheuk Hei

JSON

WordPress

What is CVE-2025-3234?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.