CVE-2020-25213: WordPress File Manager Plugin Remote Code Execution Vulnerability
First published: Wed Sep 09 2020(Updated: )
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webdesi9 File Manager | <6.9 | |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/160003/WordPress-File-Manager-6.8-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/171650/WordPress-File-Manager-6.9-Shell-Upload.html
- https://github.com/w4fz5uck5/wp-file-manager-0day
- https://hotforsecurity.bitdefender.com/blog/wordpress-websites-attacked-via-file-manager-plugin-vulnerability-24048.html
- https://plugins.trac.wordpress.org/changeset/2373068
- https://seravo.com/blog/0-day-vulnerability-in-wp-file-manager/
- https://wordfence.com/blog/2020/09/700000-wordpress-users-affected-by-zero-day-vulnerability-in-file-manager-plugin/
- https://wordpress.org/plugins/wp-file-manager/#developers
- https://zdnet.com/article/millions-of-wordpress-sites-are-being-probed-attacked-with-recent-plugin-bug/
- https://nvd.nist.gov/vuln/detail/CVE-2020-25213
Frequently Asked Questions
What is CVE-2020-25213?
CVE-2020-25213 is a vulnerability in the File Manager (wp-file-manager) plugin before 6.9 for WordPress that allows remote attackers to upload and execute arbitrary PHP code.
How does the File Manager (wp-file-manager) plugin vulnerability occur?
The vulnerability occurs because the plugin renames an unsafe example elFinder connector file to have the .php extension, allowing attackers to run the elFinder upload and execute arbitrary PHP code.
What software is affected by CVE-2020-25213?
The WordPress File Manager plugin version up to 6.9 and Webdesi9 File Manager are affected by this vulnerability.
What is the severity of CVE-2020-25213?
The severity of CVE-2020-25213 is critical with a severity value of 9.8.
How can I fix the CVE-2020-25213 vulnerability?
To fix the vulnerability, update the File Manager (wp-file-manager) plugin to version 6.9 or higher.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/description
- agent/title
- agent/remedy
- agent/weakness
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/references
- agent/event
- agent/tags
- collector/nvd-cve
- vendor/webdesi9
- canonical/webdesi9 file manager
- vendor/wordpress
- canonical/wordpress file manager plugin