CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0761 – File Manager <= 7.2.1 - Sensitive Information Exposure via Backup Filenames
https://notcve.org/view.php?id=CVE-2024-0761
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract sensitive data including site backups in configurations where the .htaccess file in the directory does not block access. El complemento File Manager para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 7.2.1 incluida, debido a una aleatoriedad insuficiente en los nombres de los archivos de respaldo, que utilizan una marca de tiempo más 4 dígitos aleatorios. Esto hace posible que atacantes no autenticados extraigan datos confidenciales, incluidas copias de seguridad del sitio, en configuraciones donde el archivo .htaccess en el directorio no bloquea el acceso. • https://plugins.trac.wordpress.org/changeset/3023403/wp-file-manager/trunk/file_folder_manager.php?old=2984933&old_path=wp-file-manager%2Ftrunk%2Ffile_folder_manager.php https://wordpress.org/plugins/wp-file-manager https://www.wordfence.com/threat-intel/vulnerabilities/id/1928f8e4-8bbe-4a3f-8284-aa12ca2f5176?source=cve • CWE-330: Use of Insufficiently Random Values •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24177 – WP File Manager < 7.1 - Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24177
In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response. En la configuración predeterminada del plugin de WordPress File Manager versiones anteriores a 7.1, un ataque de tipo XSS reflejado puede ocurrir en el endpoint /wp-admin/admin.php?page=wp_file_manager_properties cuando es enviada una carga útil en el parámetro User-Agent. • https://n4nj0.github.io/advisories/wordpress-plugin-wp-file-manager-i https://plugins.trac.wordpress.org/changeset/2476829 https://wpscan.com/vulnerability/1cf3d256-cf4b-4d1f-9ed8-e2cc6392d8d8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 97%CPEs: 1EXPL: 14CVE-2020-25213 – WordPress File Manager Plugin Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-25213
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020. El complemento File Manager (wp-file-manager) versiones anteriores a 6.9 para WordPress, permite a atacantes remotos cargar y ejecutar código PHP arbitrario porque cambia el nombre de un archivo de conector elFinder de ejemplo no seguro para que tenga la extensión .php. Esto, por ejemplo, permite a atacantes ejecutar el comando elFinder upload (o mkfile y put) para escribir código PHP en el directorio wp-content/plugins/wp-file-manager/lib/files/. • https://www.exploit-db.com/exploits/49178 https://www.exploit-db.com/exploits/51224 https://github.com/mansoorr123/wp-file-manager-CVE-2020-25213 https://github.com/BLY-Coder/Python-exploit-CVE-2020-25213 https://github.com/b1ackros337/CVE-2020-25213 https://github.com/piruprohacking/CVE-2020-25213 https://github.com/Nguyen-id/CVE-2020-25213 https://github.com/0000000O0Oo/Wordpress-CVE-2020-25213 https://github.com/forse01/CVE-2020-25213-Wordpress https://github.com/E1tex/ • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2020-24312 – WP File Manager <= 6.4 - Unauthenticated Resource Access to Site Backups
https://notcve.org/view.php?id=CVE-2020-24312
mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken. mndpsingh287 WP File Manager versiones v6.4 y anteriores, no restringen el acceso externo al directorio fm_backups con un archivo .htaccess. Esto resulta en la posibilidad para unos usuarios no autenticados de examinar y descargar unas copias de seguridad del sitio, que a veces incluyen copias de seguridad completas de la base de datos, que ha tomado el plugin • https://zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16967 – File Manager <= 3.0 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-16967
There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter. El plugin mndpsingh287 File Manager para WordPress es vulnerable a un Cross-site scripting (XSS) a través del parametro page=wp_file_manager_root public_path. There is an XSS vulnerability in the File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter. • https://ansawaf.blogspot.com/2019/04/file-manager-plugin-wordpress-plugin.html https://wordpress.org/plugins/wp-file-manager/#developers https://wpvulndb.com/vulnerabilities/9614 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •