The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.8 via the ajax_downloadfile() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory.
Metrics
Affected Vendors & Products
References
History
Thu, 28 Aug 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 28 Aug 2025 04:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.8 via the ajax_downloadfile() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. | |
Title | File Manager, Code Editor, and Backup by Managefy <= 1.4.8 - Authenticated (Admin+) Path Traversal to Arbitrary File Download | |
Weaknesses | CWE-22 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2025-08-28T14:49:05.815Z
Reserved: 2025-08-22T14:12:56.987Z
Link: CVE-2025-9345

Updated: 2025-08-28T13:36:55.720Z

Status : Awaiting Analysis
Published: 2025-08-28T04:16:03.687
Modified: 2025-08-29T16:24:09.860
Link: CVE-2025-9345

No data.

No data.