File Manager < 5.2 – Multiple Vulnerabilities | Plugin Vulnerabilities

Description

Multiple vulnerabilities exist due to not checking the authentication of the user properly in the wp_ajax_* action calls. This results in SQL injection, backup download, backup deletion and backup restoration in the backup feature of the plugin. Authentication is required, but this can be of any user role.

Edit (WPScanTeam):
Original advisory reported fixed in 4.9, however the 4.9 was missing CSRF checks, which have been added in 5.1

Affects Plugins

wp-file-manager

Fixed in 5.2

References

URL

https://www.webarxsecurity.com/wordpress-plugin-file-manager-multiple-vulnerabilities/

Miscellaneous

Original Researcher

WebARX

Submitter

Dave

Submitter website

https://www.webarxsecurity.com/

Submitter twitter

webarx_security

Verified

No

WPVDB ID

6f1a4455-051c-4f10-b0cb-e0d29e401c9e

Timeline

Publicly Published

2019-07-10 (about 6 years ago)

Added

2019-07-10 (about 6 years ago)

Last Updated

2020-08-26 (about 5 years ago)

Other

Published

Title

Published

2020-02-24

Title

Ultimate Membership Pro < 8.6.2 - Multiple CSRF Issues via AJAX Calls, Insufficient Filename Entropy

Published

2019-06-08

Title

Breadcrumbs by menu < 1.0.3 - Multiple Issues

Published

2016-10-11

Title

CampTix Event Ticketing <= 1.5.0 - CSV Injection Bypasses and XSS

Published

2019-07-29

Title

Real Estate 7 < 2.9.1 - Stored XSS & IDOR

Published

2019-09-20

Title

Ultimate FAQ < 1.8.25 - Unauthenticated Options Import/Export