CVE-2025-0818
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
Summary
Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an instance of the file manager available to users.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ninjateam | File Manager Pro – Filester | 0 <= 1.8.9 | affected |
| saadiqbal | Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution | 0 <= 5.3.6 | affected |
| File Manager | File Manager Pro | 0 <= 8.4.2 | affected |
Weaknesses
- CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/c2a166de-3bdf-4883-91ba-655f2757c53b?source=cve
- https://github.com/Studio-42/elFinder
- https://plugins.trac.wordpress.org/browser/wp-file-manager/trunk/lib/php/elFinder.class.php
- https://plugins.trac.wordpress.org/browser/file-manager-advanced/trunk/application/library/php/elFinder.class.php#L5411
- https://plugins.trac.wordpress.org/browser/filester/trunk/includes/File_manager/lib/php/elFinder.class.php#L5378
- https://github.com/Studio-42/elFinder/blob/master/php/elFinder.class.php#L5367
- https://plugins.trac.wordpress.org/changeset/3319016/filester
- https://plugins.trac.wordpress.org/changeset/3335715/file-manager-advanced/trunk/application/library/php/elFinder.class.php
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.