WP File Manager <= 5.0 - Multiple Vulnerabilities
Description
The vulnerabilities exist because the plugin does not properly check the user's authorization in its wp_ajax_* action handlers. In the plugin's backup feature this results in SQL injection, backup download, backup deletion and backup restoration. Authentication is required, but a user of any role suffices.

Edit (WPScanTeam):
The original advisory reported it fixed in 4.9; however, 4.9 was missing CSRF checks, which were added in 5.1.
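The description and the WPScanTeam edit together name three missing controls in the AJAX handlers: a capability check beyond "is logged in", a CSRF nonce check, and parameterised SQL. The following added example (not the plugin's code; the action name, function name and table name are hypothetical) shows a wp_ajax_* backup-deletion handler with all three in place.

```php
<?php
// Added example, not code from WP File Manager. Hypothetical action
// "example_delete_backup" and table "{prefix}example_backups".

// Only the authenticated hook is registered: no wp_ajax_nopriv_ variant.
add_action( 'wp_ajax_example_delete_backup', 'example_delete_backup' );

function example_delete_backup() {
    // 1. Authorization: being logged in is not enough. Only users allowed to
    //    manage the site may touch backups.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 2. CSRF: verify a nonce bound to this specific action (the check the
    //    WPScanTeam edit notes was still missing in 4.9). Dies on failure.
    check_ajax_referer( 'example_delete_backup', 'nonce' );

    // 3. Input validation: backups are referenced by an integer id, never by
    //    a caller-supplied file name or path.
    $backup_id = isset( $_POST['backup_id'] ) ? absint( $_POST['backup_id'] ) : 0;
    if ( 0 === $backup_id ) {
        wp_send_json_error( 'invalid id', 400 );
    }

    // 4. SQL: parameterised lookup via $wpdb->prepare(), so the id can never
    //    alter the query.
    global $wpdb;
    $table = $wpdb->prefix . 'example_backups';
    $row   = $wpdb->get_row(
        $wpdb->prepare( "SELECT file FROM {$table} WHERE id = %d", $backup_id )
    );
    if ( null === $row ) {
        wp_send_json_error( 'not found', 404 );
    }

    // 5. Path handling: the stored name is reduced to a basename inside the
    //    backup directory, and the resolved path must stay under it.
    $dir  = realpath( wp_upload_dir()['basedir'] . '/example-backups' );
    $path = realpath( $dir . '/' . basename( $row->file ) );
    if ( false === $dir || false === $path || 0 !== strpos( $path, $dir . '/' ) ) {
        wp_send_json_error( 'invalid path', 400 );
    }

    wp_delete_file( $path );
    $wpdb->delete( $table, array( 'id' => $backup_id ), array( '%d' ) );
    wp_send_json_success();
}
```

The matching nonce is produced on the admin page with wp_create_nonce( 'example_delete_backup' ) and sent as the "nonce" POST field alongside "backup_id".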

Affects Plugin

fixed in version 5.2

References

URL https://www.webarxsecurity.com/wordpress-plugin-file-manager-multiple-vulnerabilities/

Classification

Type MULTI

Miscellaneous

Original Researcher WebARX
Submitter Dave
Submitter Website https://www.webarxsecurity.com/
Submitter Twitter webarx_security
Views 2977
Verified No
WPVDB ID 9446

Timeline

Publicly Published 2019-07-10
Added 2019-07-10
Last Updated 2019-07-12
