Test ID:	1.3.6.1.4.1.25623.1.0.124736
Category:	Web application abuses
Title:	WordPress File Manager Plugin < 7.2.2 Multiple Vulnerabilities
Summary:	The WordPress plugin 'File Manager' is prone to multiple; vulnerabilities.
Description:	Summary: The WordPress plugin 'File Manager' is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - CVE-2023-6825: Directory Traversal via the target parameter in the mk_file_folder_manager_action_callback_shortcode function. - CVE-2024-0761: Sensitive Information Exposure due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. Affected Software/OS: WordPress File Manager plugin prior to version 7.2.2. Solution: Update to version 7.2.2 or later. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-6825 https://github.com/Studio-42/elFinder/blob/master/php/elFinderVolumeDriver.class.php#L6784 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3023403%40wp-file-manager%2Ftrunk&old=2984933%40wp-file-manager%2Ftrunk&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/93f377a1-2c33-4dd7-8fd6-190d9148e804?source=cve Common Vulnerability Exposure (CVE) ID: CVE-2024-0761 https://plugins.trac.wordpress.org/changeset/3023403/wp-file-manager/trunk/file_folder_manager.php?old=2984933&old_path=wp-file-manager%2Ftrunk%2Ffile_folder_manager.php https://wordpress.org/plugins/wp-file-manager/ https://www.wordfence.com/threat-intel/vulnerabilities/id/1928f8e4-8bbe-4a3f-8284-aa12ca2f5176?source=cve
Copyright	Copyright (C) 2025 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.