Vulnerabilities and security researches forwp-file-manager wp-file-manager

Jun 06, 2024

CVE, Research URL: CVE-2018-16966
Home page URL: Security reports for File Manager
Application: File Manager
Date: Apr 16, 2019
Research Description: There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-0761
Home page URL: Security reports for File Manager
Application: File Manager
Date: Feb 06, 2024
Research Description: The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract sensitive data including site backups in configurations where the .htaccess file in the directory does not block access.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-6825
Home page URL: Security reports for File Manager
Application: File Manager
Date: Mar 13, 2024
Research Description: The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function. This makes it possible for attackers to read the contents of arbitrary files on the server, which can contain sensitive information and to upload files into directories other than the intended directory for file uploads. The free version requires Administrator access for this vulnerability to be exploitable. The Pro version allows a file manager to be embedded via a shortcode and also allows admins to grant file handling privileges to other user levels, which could lead to this vulnerability being exploited by lower-level users.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-24177
Home page URL: Security reports for File Manager
Application: File Manager
Date: Apr 06, 2021
Research Description: In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2020-24312
Home page URL: Security reports for File Manager
Application: File Manager
Date: Aug 26, 2020
Research Description: mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2020-25213
Home page URL: Security reports for File Manager
Application: File Manager
Date: Sep 09, 2020
Research Description: The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2018-16363
Home page URL: Security reports for File Manager
Application: File Manager
Date: Sep 08, 2018
Research Description: The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-1538
Home page URL: Security reports for File Manager
Application: File Manager
Date: Mar 21, 2024
Research Description: The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wp_file_manager page that includes files through the 'lang' parameter. This makes it possible for unauthenticated attackers to include local JavaScript files that can be leveraged to achieve RCE via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This issue was partially patched in version 7.2.4, and fully patched in 7.2.5.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-2654
Home page URL: Security reports for File Manager
Application: File Manager
Date: Apr 10, 2024
Research Description: The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the server, which can contain sensitive information.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2018-16967
Home page URL: Security reports for File Manager
Application: File Manager
Date: Apr 16, 2019
Research Description: There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.
Affected versions: Min -, max -.
Status: vulnerable

Jul 01, 2024

CVE, Research URL: CVE-2024-37254
Home page URL: Security reports for File Manager
Application: File Manager
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in mndpsingh287 File Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Manager: from n/a through 7.2.7.
Affected versions: Min -, max -.
Status: vulnerable

Oct 18, 2024

CVE, Research URL: CVE-2018-25105
Home page URL: Security reports for File Manager
Application: File Manager
Date: Oct 16, 2024
Research Description: The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary files that can be used for remote code execution.
Affected versions: Min -, max -.
Status: vulnerable