Description
Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an instance of the file manager available to users.
Published: 2025-08-13
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a directory traversal (CWE-22) in the elFinder file-manager code that several WordPress plugins bundle. An attacker who can reach an exposed elFinder instance can supply a path that resolves outside the configured workspace root and have the connector delete a file there, with whatever permissions the web server process holds. No credentials are required and nothing is read back to the attacker, which is why the CVSS vector records no confidentiality loss (C:N) but high integrity impact (I:H) and a limited availability impact (A:L): removing a file the site depends on can take it offline.

Affected Systems

Products impacted include File Manager Pro, ninjateam’s Filester, and saadiqbal’s Advanced File Manager Ultimate File Manager for WordPress. All affected plugins bundle elFinder 2.1.64 or earlier, the versions that contain the vulnerable path-handling logic. A site is exposed only where the owner has explicitly made the file manager instance available to users, as the description notes; an instance reachable solely by authenticated administrators is not reachable by the unauthenticated attacker this CVE describes.

Risk and Exploitability

The CVSS 3.1 vector is AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L, scoring 6.5 (Medium). Attack Complexity is rated High because exploitation depends on a non-default deployment: the site owner must have exposed the file manager to users. Given that precondition, no privileges or user interaction are needed and the flaw is exploitable remotely over the web. EPSS puts the probability of exploitation in the wild below 1%, the CVE is not in CISA’s KEV catalog, and the SSVC assessment records Exploitation: none and Automatable: no. Those figures describe the population of WordPress sites as a whole; an individual site that has deliberately exposed an unauthenticated elFinder instance should treat the flaw as directly exploitable.

Generated by OpenCVE AI on June 18, 2026 at 06:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the affected plugins (File Manager Pro, Filester, Advanced File Manager) to releases that ship a patched elFinder, and confirm after updating that the bundled elFinder version has moved past 2.1.64.
  • If an update is not possible, remove the file manager from any public or unauthenticated URL and require an authenticated, privileged WordPress session to reach its connector endpoint; the flaw is only reachable through an instance the site owner has exposed.
  • As a stopgap, tighten the elFinder connector configuration: point each root at the narrowest directory the use case needs, disable the rm command (and any other mutating commands that are not required) through the connector’s disabled command list, and mark files that must never be removed as locked. Treat this as defence in depth only: the flaw is a path-validation bypass, so connector-level restrictions cannot be relied on to contain a traversal.
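
The check that the Impact paragraph and the third recommended action both turn on, containment of a requested path inside the workspace root, as an added example (this is not code from elFinder or from any of the affected plugins): a delete handler with a naive string-prefix test beside a hardened canonicalise-then-compare test. The workspace, the outside wp-config.php stand-in and the symlink are constructed fixtures built in a temporary directory.

```python
"""Path containment for a file-delete handler (CWE-22).

Added example for this page; it is not code from elFinder or from any
affected WordPress plugin. It contrasts a naive string-prefix check,
which a '../' sequence slips past, with a hardened check that
canonicalises the requested path and proves it stays under the
configured root before anything is unlinked.
"""
import os
import tempfile
from pathlib import Path
from typing import Optional


def naive_delete_target(root: str, user_path: str) -> Optional[str]:
    """Weak check: join, then test the unresolved string with startswith().

    '/srv/ws' + '../wp-config.php' yields '/srv/ws/../wp-config.php', which
    still starts with '/srv/ws' yet points one directory above the root.
    """
    candidate = os.path.join(root, user_path)
    return candidate if candidate.startswith(root) else None


def safe_delete_target(root: str, user_path: str) -> Optional[Path]:
    """Hardened check: accept only paths that resolve strictly inside root.

    Absolute paths and embedded NULs are refused outright; the rest is
    canonicalised (symlinks followed, '..' collapsed) and must be a
    proper descendant of the canonical root.
    """
    if os.path.isabs(user_path) or "\x00" in user_path:
        return None
    root_real = Path(root).resolve(strict=True)   # misconfigured root fails loudly
    candidate = (root_real / user_path).resolve(strict=False)
    try:
        candidate.relative_to(root_real)
    except ValueError:
        return None          # resolved outside the workspace
    if candidate == root_real:
        return None          # never let a delete target the root itself
    return candidate


def delete_within_root(root: str, user_path: str) -> bool:
    """Unlink a regular file only after it has passed the containment check."""
    target = safe_delete_target(root, user_path)
    if target is None or not target.is_file():
        return False
    target.unlink()
    return True


def build_fixture() -> Path:
    """Constructed workspace: one file inside, one 'config' file outside,
    and a symlink inside that points at the outside file."""
    base = Path(tempfile.mkdtemp(prefix="elfinder-demo-"))
    root = base / "workspace"
    (root / "sub").mkdir(parents=True)
    (root / "notes.txt").write_text("inside the workspace\n")
    outside = base / "wp-config.php"          # stand-in for a file outside root
    outside.write_text("<?php // constructed stand-in, not a real config\n")
    (root / "link").symlink_to(outside)
    return root


def run_checks(root: Path) -> dict:
    """Exercise both checks against traversal, absolute, symlink and benign inputs."""
    r = str(root)
    return {
        "naive_accepts_traversal": naive_delete_target(r, "../wp-config.php") is not None,
        "safe_rejects_traversal": safe_delete_target(r, "../wp-config.php") is None,
        "safe_rejects_absolute": safe_delete_target(r, "/etc/passwd") is None,
        "safe_rejects_symlink_escape": safe_delete_target(r, "link") is None,
        "safe_rejects_root_itself": safe_delete_target(r, ".") is None,
        "safe_accepts_inside": safe_delete_target(r, "sub/../notes.txt")
        == root.resolve() / "notes.txt",
    }


if __name__ == "__main__":
    ws = build_fixture()
    for name, ok in run_checks(ws).items():
        print(f"{name:28s} {ok}")
    print("traversal delete attempt:", delete_within_root(str(ws), "../wp-config.php"))
    print("outside file still present:", (ws.parent / "wp-config.php").exists())
```

Run it directly to print the outcome of each check. The hardened check follows symlinks before testing containment, so a link inside the workspace that points outside is refused rather than unlinked; if removing such links is a requirement, lstat the entry and unlink the link itself without resolving it. The resolve-then-unlink pattern is still racy against a concurrent rename between the two steps; on Linux, unlinking relative to an open directory descriptor (os.unlink with dir_fd) closes that window.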

Advisories
Source  ID               Title
EUVD    EUVD-2025-24540  Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an instance of the file manager available to users.
History

Thu, 14 Aug 2025 06:30:00 +0000

Type                 Values Removed  Values Added
First Time appeared                  Wordpress; Wordpress wordpress
Vendors & Products                   Wordpress; Wordpress wordpress

Wed, 13 Aug 2025 14:15:00 +0000

Type     Values Removed  Values Added
Metrics                  ssvc (version 2.0.3): Exploitation: none; Automatable: no; Technical Impact: partial


Wed, 13 Aug 2025 04:00:00 +0000

Type         Values Removed  Values Added
Description                  Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an instance of the file manager available to users.
Title                        Multiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File Deletion
Weaknesses                   CWE-22
References
Metrics                      cvssV3_1: 6.5, CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:20:11.705Z

Reserved: 2025-01-28T21:23:43.968Z

Link: CVE-2025-0818

Vulnrichment

Updated: 2025-08-13T14:01:49.584Z

NVD

Status: Deferred

Published: 2025-08-13T04:16:08.373

Modified: 2026-06-17T08:27:11.783

Link: CVE-2025-0818

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T06:30:16Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')