QID 150830
Date Published: 2024-03-13
QID 150830: WordPress File Manager Plugin: Directory Traversal Vulnerability (CVE-2023-6825)
File Manager is a WordPress plugin which allows users to edit, delete, upload, download, zip, copy and paste files and folders directly from the WordPress backend.
Affected version of File Manager is vulnerable to a Directory Traversal Vulnerability via the target parameter in the "mk_file_folder_manager_action_callback_shortcode" function.
Affected Versions:
File Manager prior to version 7.2.2
QID Detection Logic:(Unauthenticated)
This QID checks for vulnerable version of File Manager plugin running on the target WordPress application.
Successful exploitation of this vulnerability could allow an attacker to read the contents of arbitrary files on the server, potentially exposing sensitive information, and to upload files into directories other than the intended directory for file uploads.
- File Manager Changelog -
wordpress.org/plugins/wp-file-manager/#developers
CVEs related to QID 150830
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| File Manager Changelog |
|