WordPress File Manager Plugin – Security Vulnerability
A remote code execution vulnerability was found in the WordPress File Manager Plugin. The vulnerability can be exploited by an unauthenticated remote attacker by uploading PHP files containing web shells hidden in an image to the wp-content/plugins/wp-file-manager/lib/files/ directory. Successful exploitation can enable an attacker to execute commands and upload malicious files on a target site.
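To check a site for the artifacts described above, a defender can scan the named upload directory for PHP files and for image files that carry PHP code. The Python script below is an added example, not part of the original advisory or the plugin's code; the function names, the extension and image-signature lists, and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Upload directory named in the advisory, relative to the WordPress root.
UPLOAD_DIR = os.path.join("wp-content", "plugins", "wp-file-manager", "lib", "files")
# Assumed lists for this example; extend them to match the server's PHP handler config.
PHP_EXTENSIONS = (".php", ".phtml", ".phar")
IMAGE_MAGIC = (b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"GIF87a", b"GIF89a")


def classify(path):
    """Return a reason string if the file looks like an uploaded script, else None."""
    with open(path, "rb") as fh:
        data = fh.read()
    is_image = data.startswith(IMAGE_MAGIC)
    if path.lower().endswith(PHP_EXTENSIONS):
        return "php file with image header" if is_image else "php extension"
    if b"<?php" in data.lower():
        return "php tag in non-php file"
    return None


def scan(wp_root):
    """Walk the plugin upload directory and return sorted (relative path, reason) pairs."""
    base = os.path.join(wp_root, UPLOAD_DIR)
    findings = []
    for dirpath, _dirs, files in os.walk(base):  # yields nothing if base is absent
        for name in files:
            full = os.path.join(dirpath, name)
            reason = classify(full)
            if reason:
                findings.append((os.path.relpath(full, base), reason))
    return sorted(findings)


def build_sample_tree(root):
    """Create constructed sample files; the PHP bodies are inert comments."""
    base = os.path.join(root, UPLOAD_DIR)
    os.makedirs(base)
    samples = {
        "logo.png": IMAGE_MAGIC[0] + b"\x00" * 32,
        "sample1.php": IMAGE_MAGIC[0] + b"<?php /* constructed */ ?>",
        "plain.php": b"<?php /* constructed */ ?>",
        "notes.jpg": IMAGE_MAGIC[1] + b"\xe0<?php /* constructed */ ?>",
    }
    for name, body in samples.items():
        with open(os.path.join(base, name), "wb") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason in scan(tmp):
            print(f"{rel}: {reason}")
```

Point `scan()` at the real WordPress root to review a live install; a finding is a lead for manual review, not proof of compromise.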
Vulnerability Problem Type:
Windows, Unix-like, Linux
WordPress wp-file-manager 6.0-6.8
WordPress wp-file-manager 6.9
Base Metrics:
Remote Code Execution
Network and Communication
WordPress has released security updates regarding this vulnerability.
File Manager 6.9 Arbitrary File Upload leading to RCE