File Manager Vulnerability - Directory Traversal - CVE-2023-6825 | WordPress Plugin Vulnerability Report
Plugin Name: File Manager
Key Information:
- Software Type: Plugin
- Software Slug: wp-file-manager
- Software Status: Active
- Software Author: mndpsingh287
- Software Downloads: 20,544,237
- Active Installs: 1,000,000
- Last Updated: March 7, 2024
- Patched Versions: 7.2.2
- Affected Versions: <= 7.2.1
Vulnerability Details:
- Name: File Manager And File Manager Pro (Multiple Versions)
- Type: Directory Traversal
- CVE: CVE-2023-6825
- CVSS Score: 9.9
- Publicly Published: March 4, 2024
- Researcher: Tobias Weißhaar
- Description: The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal via the target parameter of the mk_file_folder_manager_action_callback_shortcode function in versions up to and including 7.2.1 (free version) and 8.3.4 (Pro version). The flaw allows attackers to read the contents of arbitrary files on the server, which may contain sensitive information, and to upload files to directories outside the intended location. In the free version, exploitation requires Administrator access; in the Pro version, lower-privileged users can reach the vulnerable code through a shortcode that embeds a file manager with adjustable file-handling privileges.
Summary:
The File Manager plugin for WordPress has a vulnerability in versions up to and including 7.2.1 that allows for Directory Traversal attacks. This vulnerability has been patched in version 7.2.2.
Detailed Overview:
Discovered by researcher Tobias Weißhaar, this Directory Traversal vulnerability in both the File Manager and File Manager Pro plugins poses a significant risk: it lets attackers gain unauthorized access to sensitive files on the server and upload files to directories outside the designated file upload area. Exploitation could lead to disclosure of sensitive information or unauthorized file manipulation, which is what makes the flaw critical. The developers have addressed these concerns with a patch in version 7.2.2.
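One way to close this class of bug on the plugin side, shown here as an added example that is neither the plugin's own code nor its actual 7.2.2 fix: canonicalise the user-supplied target value against the managed directory and refuse anything that resolves outside it. The function name, the temporary demo directory and the sample inputs are constructed for this illustration.

```php
<?php
// Added example, not the plugin's code. Assumes a POSIX filesystem and that
// PHP has already URL-decoded the request parameter (as it does for $_REQUEST).

/**
 * Return the absolute path that $target denotes inside $baseDir, or null when
 * it escapes $baseDir or is malformed. Also works for files that do not exist
 * yet (uploads): the parent directory is resolved and the leaf name validated.
 */
function resolve_target_within_base(string $baseDir, string $target): ?string
{
    $base = realpath($baseDir);
    // NUL bytes truncate paths in C-level calls; PHP 8 realpath() throws on them.
    if ($base === false || strpos($target, "\0") !== false) {
        return null;
    }
    $leaf = basename($target);
    if ($leaf === '' || $leaf === '.' || $leaf === '..') {
        return null;
    }
    // realpath() collapses "..", symlinks and repeated separators, so the prefix
    // comparison below is made against a canonical parent directory.
    $parent = realpath($base . '/' . ltrim(dirname($target), '/'));
    if ($parent === false) {
        return null;
    }
    $inside = $parent === $base
        || strncmp($parent, $base . '/', strlen($base) + 1) === 0;
    return $inside ? $parent . '/' . $leaf : null;
}

// Constructed demo: a temporary directory stands in for the managed directory.
$demoBase = sys_get_temp_dir() . '/fm_demo_' . bin2hex(random_bytes(4));
mkdir($demoBase . '/uploads', 0700, true);
file_put_contents($demoBase . '/uploads/readme.txt', "constructed sample\n");

$cases = [
    'uploads/readme.txt',          // legitimate read inside the base
    'uploads/../uploads/new.png',  // normalises inside the base: valid upload target
    '../outside.txt',              // escapes the base: rejected
    'uploads/../../outside.txt',   // escapes after normalisation: rejected
    "uploads/readme.txt\0.jpg",    // NUL-byte truncation attempt: rejected
];
foreach ($cases as $target) {
    $resolved = resolve_target_within_base($demoBase, $target);
    printf("%-30s => %s\n", addcslashes($target, "\0"),
        $resolved === null ? 'REJECTED' : 'allowed: ' . substr($resolved, strlen($demoBase)));
}
```

The string-prefix check must be made on the realpath() result, not on the raw input: a pattern filter on "../" alone misses sequences that normalise away only after a legitimate subdirectory is entered.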
Advice for Users:
- Immediate Action: Users are strongly encouraged to update to the patched version 7.2.2 immediately.
- Check for Signs of Exploitation: Regularly monitor your file directories for unexpected changes or additions that could indicate the vulnerability has been exploited.
- Alternate Plugins: Even though a patched version is available, users may consider alternative plugins offering similar functionality as a precautionary measure.
- Stay Updated: Continuously update all WordPress plugins to their latest versions to mitigate the risk of vulnerabilities.
Conclusion:
The swift action taken by the developers to release a patch for this vulnerability highlights the critical importance of keeping software up-to-date. Users should ensure their installations are updated to version 7.2.2 or later to protect their WordPress sites from potential exploitation.