CVE-2022-47599 – WordPress File Manager Plugin <= 5.2.7 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2022-47599
Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager.This issue affects File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager: from n/a through 5.2.7. Vulnerabilidad de deserialización de datos no confiables en File Manager by Bit Form Team File Manager – 100% Free & Open Source File Manager complemento para Wordpress | Bit File Manager. Este problema afecta a File Manager – 100% Free & Open Source File Manager complemento para Wordpress | Bit File Manager : desde n/a hasta 5.2.7. The Bit File Manager plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 5.2.7 via deserialization of untrusted input from the 'language' setting parameter. This allows authenticated attackers, with administrative privileges and above, to inject a PHP Object. • https://patchstack.com/database/vulnerability/file-manager/wordpress-bit-file-manager-100-free-file-manager-for-wordpress-plugin-5-2-7-php-object-injection?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVE-2018-25030 – Mirmay Secure Private Browser / File Manager Auto Lock improper authentication
https://notcve.org/view.php?id=CVE-2018-25030
A vulnerability classified as problematic has been found in Mirmay Secure Private Browser and File Manager up to 2.5. Affected is the Auto Lock. A race condition leads to a local authentication bypass. The exploit has been disclosed to the public and may be used. Se ha encontrado una vulnerabilidad clasificada como problemática en Mirmay Secure Private Browser y File Manager versiones hasta 2.5. • https://vuldb.com/?id.106056 https://www.scip.ch/en/?labs.20180201 https://youtu.be/cd6nbos-BI0 • CWE-287: Improper Authentication CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2021-24177 – WP File Manager < 7.1 - Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24177
In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response. En la configuración predeterminada del plugin de WordPress File Manager versiones anteriores a 7.1, un ataque de tipo XSS reflejado puede ocurrir en el endpoint /wp-admin/admin.php?page=wp_file_manager_properties cuando es enviada una carga útil en el parámetro User-Agent. • https://n4nj0.github.io/advisories/wordpress-plugin-wp-file-manager-i https://plugins.trac.wordpress.org/changeset/2476829 https://wpscan.com/vulnerability/1cf3d256-cf4b-4d1f-9ed8-e2cc6392d8d8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-25213 – WordPress File Manager Plugin Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-25213
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020. El complemento File Manager (wp-file-manager) versiones anteriores a 6.9 para WordPress, permite a atacantes remotos cargar y ejecutar código PHP arbitrario porque cambia el nombre de un archivo de conector elFinder de ejemplo no seguro para que tenga la extensión .php. Esto, por ejemplo, permite a atacantes ejecutar el comando elFinder upload (o mkfile y put) para escribir código PHP en el directorio wp-content/plugins/wp-file-manager/lib/files/. • https://www.exploit-db.com/exploits/49178 https://www.exploit-db.com/exploits/51224 https://github.com/mansoorr123/wp-file-manager-CVE-2020-25213 https://github.com/BLY-Coder/Python-exploit-CVE-2020-25213 https://github.com/b1ackros337/CVE-2020-25213 https://github.com/piruprohacking/CVE-2020-25213 https://github.com/Nguyen-id/CVE-2020-25213 https://github.com/0000000O0Oo/Wordpress-CVE-2020-25213 https://github.com/forse01/CVE-2020-25213-Wordpress https://github.com/E1tex/ • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2020-24312 – WP File Manager <= 6.4 - Unauthenticated Resource Access to Site Backups
https://notcve.org/view.php?id=CVE-2020-24312
mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken. mndpsingh287 WP File Manager versiones v6.4 y anteriores, no restringen el acceso externo al directorio fm_backups con un archivo .htaccess. Esto resulta en la posibilidad para unos usuarios no autenticados de examinar y descargar unas copias de seguridad del sitio, que a veces incluyen copias de seguridad completas de la base de datos, que ha tomado el plugin • https://zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1 • CWE-552: Files or Directories Accessible to External Parties •