File Manager Vulnerability – Sensitive Information Exposure via Backup Filenames – CVE-2024-0761 | WordPress Plugin Vulnerability Report

Plugin Name: File Manager

Key Information:

  • Software Type: Plugin
  • Software Slug: wp-file-manager
  • Software Status: Active
  • Software Author: mndpsingh287
  • Software Downloads: 19,681,705
  • Active Installs: 1,000,000
  • Last Updated: January 22, 2024
  • Patched Versions: 7.2.2
  • Affected Versions: <= 7.2.1

Vulnerability Details:

  • Name: File Manager <= 7.2.1 - Sensitive Information Exposure via Backup Filenames
  • Title: Sensitive Information Exposure via Backup Filenames
  • Type: Use of Insufficiently Random Values
  • CVE: CVE-2024-0761
  • CVSS Score: 8.1 (High)
  • Publicly Published: January 22, 2024
  • Researcher: Yuki Haruma
  • Description: The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers to extract sensitive data including site backups in configurations where the .htaccess file in the directory does not block access.

Summary:

The File Manager for WordPress has a vulnerability in versions up to and including 7.2.1 that could allow unauthenticated attackers to access sensitive data including site backups due to predictable backup filenames. This vulnerability has been patched in version 7.2.2.

Detailed Overview:

The File Manager plugin is vulnerable due to insufficient randomness in the backup filenames generated, which use only a timestamp and 4 random digits. This predictable pattern makes it possible for attackers to easily guess backup filenames and access sensitive data if the directory is not properly restricted. The vulnerability impacts all versions up to and including 7.2.1. It was publicly disclosed by researcher Yuki Haruma on January 22, 2024 and has been patched by the developers in version 7.2.2. This vulnerability, tracked as CVE-2024-0761, has a relatively high CVSS score of 8.1 out of 10 due to the sensitive nature of the exposed data. Users are strongly advised to update as soon as possible.

Advice for Users:

  1. Immediate Action: Update to version 7.2.2 or later immediately
  2. Check for Signs of Vulnerability: Review web server access logs for any unexpected access of backup files
  3. Alternate Plugins: Consider alternate file manager plugins like WP File Manager or Enhanced File Manager as a precaution
  4. Stay Updated: Always keep plugins updated and use auto-updates where possible to get security fixes

Conclusion:

The prompt update from the File Manager developers to address this predictable backup filename vulnerability is an important security fix for the large user base. Users should urgently update to version 7.2.2 to prevent any potential unauthorized access or data loss.

References:

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-file-manager

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-file-manager/file-manager-721-sensitive-information-exposure-via-backup-filenames

Detailed Report:

Keeping your WordPress website secure should be a top priority – vulnerabilities in widely used plugins can put your site at risk if left unpatched. A recently disclosed vulnerability called “Sensitive Information Exposure via Backup Filenames” in the popular File Manager plugin is the latest urgent reminder of how much site security depends on staying updated.

The File Manager plugin, with over 19 million downloads and 1 million active installs, allows WordPress admins to manage files and folders on their server through the dashboard. However, all versions up to and including 7.2.1 contain a high-severity vulnerability (CVE-2024-0761) stemming from the predictable backup filenames generated by the plugin. This allows unauthenticated remote attackers to easily access administrative backups and other sensitive data if the directory is not properly restricted.

The vulnerability exists because the plugin uses only a simple timestamp and 4 random digits when generating backup zip file names stored on the server. This insufficient randomness makes the filenames quite predictable, especially over short time periods. By iterating through possible timestamps and 4-digit combinations, attackers can easily guess filenames correctly and access any unprotected archives that contain backups, exports and other sensitive data.
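To make the "timestamp plus 4 random digits" weakness concrete, the following added example (not code from the plugin or the advisory) compares the size of the name space an outsider has to consider under that scheme with a hardened scheme that draws 128 bits from the OS CSPRNG and keeps the timestamp out of the name. The exact "<timestamp>_<4 digits>.zip" layout is an assumption, since the page does not give the plugin's real format.

```python
import math
import re
import secrets
import time

# Assumed (constructed) shape of a weak backup name: "<unix timestamp>_<4 digits>.zip".
# The advisory only says "timestamp plus 4 random digits"; the separator and
# extension are not given on the page, so this exact layout is an assumption.
WEAK_NAME_RE = re.compile(r"^\d{10}_\d{4}\.zip$")
STRONG_NAME_RE = re.compile(r"^backup_[0-9a-f]{32}\.zip$")

def weak_backup_name(now=None):
    """The weak scheme the advisory describes: current time plus 4 random digits.
    Everything except the 4 digits is known to anyone who can estimate when
    the backup ran."""
    ts = int(time.time() if now is None else now)
    return f"{ts}_{secrets.randbelow(10_000):04d}.zip"

def strong_backup_name():
    """Hardened scheme: 128 bits from the OS CSPRNG and no timestamp in the
    name, so knowing the backup time does not narrow the search at all."""
    return f"backup_{secrets.token_hex(16)}.zip"

def weak_keyspace(window_seconds):
    """Candidate names for a weak backup known to have run within
    `window_seconds`: one timestamp per second times 10^4 digit combinations."""
    return window_seconds * 10_000

def strong_keyspace():
    """Candidate names for the hardened scheme (16 random bytes)."""
    return 2 ** 128

def entropy_bits(keyspace):
    """Effective entropy of a naming scheme as floor(log2(keyspace))."""
    return int(math.floor(math.log2(keyspace)))

if __name__ == "__main__":
    day = 24 * 3600
    print("weak, backup time known to within a day:",
          weak_keyspace(day), "names =", entropy_bits(weak_keyspace(day)), "bits")
    print("hardened, independent of backup time:  ",
          entropy_bits(strong_keyspace()), "bits")
```

Even a strong name is only defence in depth: the backup directory still needs to deny direct web access (the .htaccess rule the advisory refers to), because a name that is ever linked or logged stops being a secret.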

This is a serious vulnerability that was given a CVSS severity score of 8.1 out of 10 due to the sensitive nature of the exposed data. Attackers could potentially obtain administrative access, inject malware, steal data, and fully compromise vulnerable websites. Researcher Yuki Haruma privately disclosed the issue, which was addressed in File Manager version 7.2.2 released on January 22nd, 2024.

So what should vulnerable website owners do?

First and foremost, immediately update the File Manager plugin to the latest secure version which is 7.2.2 or higher. However, if your site was already compromised, simply updating may not be enough. Here are some additional important steps to take:

  • Review server access logs to check for signs of compromise
  • Change all WordPress admin passwords as a precaution
  • Revoke and reset API keys / tokens if in use
  • Scan for malware and clean up affected systems
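The log review step above is where most site owners get stuck, so here is an added example (not from the advisory or the plugin) that scans Apache combined-format access-log lines for two signals: bursts of 404s for backup-style filenames from one client (name guessing) and any 200 response for such a file (a backup that actually left the server). The log lines, the backup directory name and the "<timestamp>_<4 digits>.zip" layout are all constructed assumptions.

```python
import re
from collections import Counter

# Constructed Apache "combined" access-log lines; the backup directory and the
# "<timestamp>_<4 digits>.zip" filename layout are assumptions, not the
# plugin's real paths. 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [22/Jan/2024:10:00:01 +0000] "GET /wp-content/uploads/fm-backup-placeholder/1705917600_0001.zip HTTP/1.1" 404 196 "-" "curl/8.4.0"
203.0.113.5 - - [22/Jan/2024:10:00:01 +0000] "GET /wp-content/uploads/fm-backup-placeholder/1705917600_0002.zip HTTP/1.1" 404 196 "-" "curl/8.4.0"
203.0.113.5 - - [22/Jan/2024:10:00:02 +0000] "GET /wp-content/uploads/fm-backup-placeholder/1705917600_0003.zip HTTP/1.1" 404 196 "-" "curl/8.4.0"
203.0.113.5 - - [22/Jan/2024:10:00:02 +0000] "GET /wp-content/uploads/fm-backup-placeholder/1705917600_4821.zip HTTP/1.1" 200 5242880 "-" "curl/8.4.0"
198.51.100.9 - - [22/Jan/2024:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4123 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# Requests whose last path segment looks like a weak backup name.
BACKUP_PATH_RE = re.compile(r"/\d{10}_\d{4}\.zip$")

def analyze_backup_access(log_text, probe_threshold=3):
    """Summarise backup-related requests per client IP.

    probes:         number of 404s for backup-style names per IP (guessing)
    downloads:      (ip, path, bytes) for every 200 on a backup-style name
    suspicious_ips: IPs whose probe count reaches probe_threshold
    """
    probes = Counter()
    downloads = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not BACKUP_PATH_RE.search(m["path"]):
            continue
        if m["status"] == "404":
            probes[m["ip"]] += 1
        elif m["status"] == "200":
            downloads.append((m["ip"], m["path"], int(m["size"])))
    suspicious = sorted(ip for ip, n in probes.items() if n >= probe_threshold)
    return {"probes": dict(probes), "downloads": downloads, "suspicious_ips": suspicious}

if __name__ == "__main__":
    report = analyze_backup_access(SAMPLE_LOG)
    for ip in report["suspicious_ips"]:
        print(f"{ip}: {report['probes'][ip]} guesses at backup filenames")
    for ip, path, size in report["downloads"]:
        print(f"{ip} downloaded {path} ({size} bytes): treat its contents as exposed")
```

Any hit in downloads means the archive's contents (database dumps, wp-config.php, keys) should be treated as leaked, which is why the password and token resets above follow from the log review rather than being optional.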

This vulnerability is unfortunately not the first for the File Manager plugin – there have been 8 other vulnerabilities disclosed since September 2018 that allowed exploits like arbitrary file deletion, stored XSS and remote code execution.

As a business owner, you don't have time to constantly monitor for WordPress vulnerabilities like this. At Your WP Guy, we become your outsourced IT team to handle security, updates, maintenance and support. Let us fully audit your site and plugins to assess any impact from this issue. We'll update everything to patched versions so you can rest easy knowing your site is locked down.

Focus on your business goals while we focus on your WordPress site's security. Chat with us anytime during business hours, schedule a call or call 678-995-5169 for a free consultation on securing your online presence.
