High severity8.1NVD Advisory· Published Feb 5, 2024· Updated Apr 8, 2026

CVE-2024-0761

Description

The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract sensitive data including site backups in configurations where the .htaccess file in the directory does not block access.

Affected products

Filemanagerpro/File Manager
cpe:2.3:a:filemanagerpro:file_manager:*:*:*:*:*:wordpress:*:*
Range: <=7.2.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changeset/3023403/wp-file-manager/trunk/file_folder_manager.phpnvdPatch
www.wordfence.com/threat-intel/vulnerabilities/id/1928f8e4-8bbe-4a3f-8284-aa12ca2f5176nvdThird Party Advisory
wordpress.org/plugins/wp-file-manager/nvdProduct

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000