VYPR
Unrated severityNVD Advisory· Published Oct 16, 2024· Updated Apr 8, 2026No known patch

File Manager <= 3.0 - Unauthenticated Arbitrary File Upload/Download

CVE-2018-25105

Description

The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary files that can be used for remote code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.

CVE-2018-25105 · VYPR