WordPress File Manager Plugin – Security Vulnerability

Short Summary:

A remote code execution vulnerability was found in the WordPress File Manager Plugin. It can be exploited by an unauthenticated remote attacker who uploads PHP files containing web shells, hidden inside an image, to the wp-content/plugins/wp-file-manager/lib/files/ directory. Successful exploitation can enable an attacker to execute commands and upload malicious files on a target site.
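A defender-side check for the two facts this advisory gives (the affected version range and the lib/files upload directory), written as an added example for this page rather than code from the advisory or the plugin: it reads the version from a WordPress plugin header, and flags files in lib/files that carry a PHP extension or contain a PHP open tag behind an image header. The sample site tree it scans is constructed inline.

```python
import re
import tempfile
from pathlib import Path

# Versions named in the advisory: 6.0 through 6.8 affected, 6.9 fixed.
VULNERABLE_MIN = (6, 0)
FIXED_VERSION = (6, 9)
UPLOAD_DIR = Path("wp-content/plugins/wp-file-manager/lib/files")  # directory from the advisory
PHP_OPEN_TAG = re.compile(rb"<\?(php\b|=)", re.IGNORECASE)
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")

def parse_plugin_version(header_text):
    """Read 'Version: x.y' from a WordPress plugin header comment."""
    m = re.search(r"^\s*\*?\s*Version:\s*([\d.]+)", header_text, re.MULTILINE)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_vulnerable_version(version):
    """True when the installed version falls inside the advisory's affected range."""
    return version is not None and VULNERABLE_MIN <= version < FIXED_VERSION

def classify_file(data, name):
    """Label one file under lib/files, or None when nothing looks like PHP."""
    if name.lower().endswith((".php", ".phtml", ".phar")):
        return "php-extension"  # executable extension sitting in an upload directory
    if PHP_OPEN_TAG.search(data):
        # PHP code appended to a valid-looking image header, as the advisory describes
        return "php-in-image" if data.startswith(IMAGE_MAGIC) else "php-in-other"
    return None

def scan_upload_dir(site_root):
    """Walk lib/files and return (relative path, label) for every suspicious file."""
    base = Path(site_root) / UPLOAD_DIR
    findings = []
    if base.is_dir():
        for p in sorted(base.rglob("*")):
            if p.is_file():
                label = classify_file(p.read_bytes(), p.name)
                if label:
                    findings.append((p.relative_to(site_root).as_posix(), label))
    return findings

def demo():
    """Build a constructed sample site in a temp dir and scan it (sample data, not a real site)."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp) / UPLOAD_DIR
        d.mkdir(parents=True)
        (d / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 16)             # clean image
        (d / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"<?php /* marker */ ?>")  # PHP behind PNG header
        (d / "shell.php").write_bytes(b"<?php /* marker */ ?>")                       # plain PHP upload
        return scan_upload_dir(tmp)
```

Run `demo()` to see the two constructed findings; point `scan_upload_dir` at a real WordPress root to check a live install, and compare `parse_plugin_version` of the plugin's header against the affected range.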

Vulnerability Identifier: 

None

Vulnerability Problem Type: 

Design problem

Credibility Level: 

Vendor report

Author: 

Ville Korhonen

Platform: 

Windows, Unix-like, Linux

Vulnerable Platforms:

WordPress wp-file-manager 6.0-6.8

Non-Vulnerable Platforms:

WordPress wp-file-manager 6.9

Severity Rating: 

Critical

Vulnerability Rating:

CVSS v3.0

Base Metrics:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Impact: 

Remote Code Execution

Exploit Available: 

No

Attack Vector: 

Network

Fix Type: 

Vendor fix

Defense Strategies: 

Network and Communication

Solution: 

WordPress has released security updates regarding this vulnerability.

Advisory Vendor: 

WordPress

Reference Title: 

File Manager 6.9 Arbitrary File Upload leading to RCE

Network Ports: 

80, 443

Reference URL: 

https://wpvulndb.com/vulnerabilities/10389

Published September 3rd, 2020 (2020-09-03T14:05:17+00:00) | Security Update, Software Issues

About the Author:

FirstHackersNews - Identifies Security