Security for everyone

Wordpress File Manager Plugin Vulnerability CVE-2020-25213

SecurityForEveryone

Security for Everyone

03/Nov/20

A critical vulnerability was detected in WordPress's file management plugin, one of the most used content management systems. This vulnerability can lead to the complete hijacking of your website. Because it is possible to upload a harmful file to your website using this vulnerability. Attackers can take over all of your data using this malicious file. Some details of the vulnerability:

Extension Name: File Manager

Link of the plugin: https://wordpress.org/plugins/wp-file-manager/

Affected Version of Plugin: 6.0-6.8

Patched Versions: 6.9

CVE of Vulnerability: CVE-2020-25213

About to Vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2020-25213#VulnChangeHistorySection/

Critical Level of Vulnerability: 10/0

Code of Exploitation: https://github.com/w4fz5uck5/wp-file-manager-0day


About Vulnerability

This plugin has a lot of features, including making it easier to manage files on your website. It uses an open-source piece of code for some tasks in file management. It's called elFinder. Due to a mis-implementation when using elFinder (renaming the file in elFinder), a vulnerability occurs. With using this vulnerability, it is possible to upload the desired file remotely and unauthorized to all sites using the wp-file-manager vulnerability. So, it's an unauthenticated file upload vulnerability.

This plugin has been downloaded approximately 600.000 times. We can assume that this number is much higher.

<div class="col-8">
	<h3>
		WordPress File Manager File Upload Vulnerability</h3>
	<p dir="ltr">
		With file upload vulnerabilities, attackers can upload files to the target system for their own purposes. There are many different ways of uploading files to the target system.</p>
</div>

 

The risks of file upload vulnerabilities are as follows: 

  1. With this vulnerability, attackers can save their file into all writable (permission to create a new file inside the folder)l folders. 
  2. Many operations can be performed using malicious files (known as web shell), including database connection and command execution. 
  3. Usually, attackers create more than one (back up) malicious files to access them later. 
  4. If there is such a vulnerability, historical analysis is required because there may be a malicious file left in your previous backup. 
  5. In some cases, attackers who exploit this vulnerability add malicious code at the beginning or end of the actual files. Thus, they make detection more difficult.

 

To get rid of the vulnerability, update your plugin. If you used the vulnerable version of this plugin, it would be beneficial for you to do historical analysis.


 

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture