vendor:
WP-file-manager
by:
BLY
9.8
CVSS
CRITICAL
Unauthenticated Arbitrary File Upload leading to RCE
434
CWE
Product Name: WP-file-manager
Affected Version From: 6
Affected Version To: 6.9
Patch Exists: YES
Related CWE: CVE-2020-25213
CPE: 2.3:a:wordpress:wp-file-manager
Tags: wordpress,rce,kev,fileupload,intrusive,packetstorm,cve,cve2020
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Nuclei References:
https://plugins.trac.wordpress.org/changeset/2373068, https://github.com/w4fz5uck5/wp-file-manager-0day, https://nvd.nist.gov/vuln/detail/CVE-2020-25213, http://packetstormsecurity.com/files/160003/WordPress-File-Manager-6.8-Remote-Code-Execution.html, http://packetstormsecurity.com/files/171650/WordPress-File-Manager-6.9-Shell-Upload.html
Nuclei Metadata: {'max-request': 1, 'framework': 'wordpress', 'vendor': 'webdesi9', 'product': 'file_manager'}
Platforms Tested: Debian
2023
WP-file-manager v6.9 – Unauthenticated Arbitrary File Upload leading to RCE
This exploit allows an attacker to upload a malicious PHP file to the vulnerable WordPress plugin WP-file-manager v6.9. This malicious file can then be used to execute arbitrary commands on the server.
Mitigation:
Update to the latest version of the WP-file-manager plugin.