cleantalk
Vulnerabilities and Security Researches

File Manager Pro – Filester, CVE-2025-3234

CVE, Research URL

CVE-2025-3234

Home page URL

Security reports for File Manager Pro – Filester

Application

File Manager Pro – Filester

Published on
Jun 14, 2025
Research Description
The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.8.8. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Administrators have the ability to extend file manager usage privileges to lower-level users including subscribers, which would make this vulnerability more severe on such sites.
Affected versions
Min -, max 1.8.9.
Status
vulnerable
Previous vulnerability researches
File Manager Pro – Filester (CVE-2023-4861) , Jun 07, 2024
File Manager Pro – Filester (CVE-2023-4827) , Jun 07, 2024
File Manager Pro – Filester (CVE-2023-4862) , Jun 07, 2024
File Manager Pro – Filester (CVE-2025-52710) , Jul 03, 2025
File Manager Pro – Filester (CVE-2025-3234) , Jun 14, 2025
New vulnerability
IS-theme-companion (CVE-2025-53277) , Jul 04, 2025
Lead Form Data Collection to CRM (CVE-2025-5692) , Jul 04, 2025
Drive Folder Embedder (CVE-2025-6546) , Jul 04, 2025
WP Roadmap – Product Feedback Board (CVE-2025-52822) , Jul 04, 2025
WP Wall (CVE-2025-28968) , Jul 04, 2025