Unrestricted File Upload Vulnerability in File Manager Plugin for WordPress
CVE-2025-53260

9.1 CRITICAL

Key Information:

Vendor: WordPress

CVE Published: 27 June 2025

What is CVE-2025-53260?

An Unrestricted Upload of File with Dangerous Type vulnerability in the File Manager Plugin for WordPress allows an attacker to upload a malicious web shell to the web server. This issue poses a significant risk as it can enable remote code execution, thereby compromising the security of web applications using the affected plugin. Users are advised to upgrade to the latest version to mitigate risks associated with this vulnerability.

Affected Version(s)

File Manager Plugin for WordPress <= 7.5

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

0xd4rk5id3 (Patchstack Alliance)