CVE-2023-6825

high-risk
Published 2024-03-13

The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function. This makes it possible for attackers to read the contents of arbitrary files on the server, which can contain sensitive information and to upload files into directories other than the intended directory for file uploads. The free version requires Administrator access for this vulnerability to be exploitable. The Pro version allows a file manager to be embedded via a shortcode and also allows admins to grant file handling privileges to other user levels, which could lead to this vulnerability being exploited by lower-level users.

Do I need to act?

!
71.0% chance of exploitation in next 30 days
EPSS score — higher than 29% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.9/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Mndpsingh287

References (6)

Product https://github.com/Studio-42/elFinder/blob/master/php/elFinderVolumeDriver.class...
Patch https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new...
Third Party Advisory https://www.wordfence.com/threat-intel/vulnerabilities/id/93f377a1-2c33-4dd7-8fd...
Product https://github.com/Studio-42/elFinder/blob/master/php/elFinderVolumeDriver.class...
Patch https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new...
Third Party Advisory https://www.wordfence.com/threat-intel/vulnerabilities/id/93f377a1-2c33-4dd7-8fd...
59
/ 100
high-risk
Severity 33/34 · Critical
Exploitability 19/34 · Moderate
Exposure 7/34 · Low