The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the server, which can contain sensitive information.
Metrics
Affected Vendors & Products
References
History
Wed, 27 Aug 2025 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-35 |
Mon, 24 Mar 2025 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Filemanagerpro
Filemanagerpro file Manager |
|
CPEs | cpe:2.3:a:filemanagerpro:file_manager:*:*:*:*:free:wordpress:*:* | |
Vendors & Products |
Filemanagerpro
Filemanagerpro file Manager |
Tue, 04 Mar 2025 03:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 26 Feb 2025 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-35 |

Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2025-08-27T21:02:57.367Z
Reserved: 2024-03-19T15:26:37.155Z
Link: CVE-2024-2654

Updated: 2024-08-01T19:18:48.250Z

Status : Modified
Published: 2024-04-09T19:15:35.947
Modified: 2025-08-27T21:15:44.383
Link: CVE-2024-2654

No data.

No data.