Medium severity6.5NVD Advisory· Published Aug 13, 2025· Updated Jun 17, 2026
CVE-2025-0818
CVE-2025-0818
Description
Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an instance of the file manager available to users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
7- github.com/Studio-42/elFinder/blob/master/php/elFinder.class.phpnvd
- plugins.trac.wordpress.org/browser/file-manager-advanced/trunk/application/library/php/elFinder.class.phpnvd
- plugins.trac.wordpress.org/browser/filester/trunk/includes/File_manager/lib/php/elFinder.class.phpnvd
- plugins.trac.wordpress.org/browser/wp-file-manager/trunk/lib/php/elFinder.class.phpnvd
- plugins.trac.wordpress.org/changeset/3319016/filesternvd
- plugins.trac.wordpress.org/changeset/3335715/file-manager-advanced/trunk/application/library/php/elFinder.class.phpnvd
- www.wordfence.com/threat-intel/vulnerabilities/id/c2a166de-3bdf-4883-91ba-655f2757c53bnvd
News mentions
0No linked articles in our index yet.