CVE-2025-0818 Information

Description

Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an instance of the file manager available to users.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

Reference

https://github.com/Studio-42/elFinder
https://github.com/Studio-42/elFinder/blob/master/php/elFinder.class.php#L5367
https://plugins.trac.wordpress.org/browser/file-manager-advanced/trunk/application/library/php/elFinder.class.php#L5411
https://plugins.trac.wordpress.org/browser/filester/trunk/includes/File_manager/lib/php/elFinder.class.php#L5378
https://plugins.trac.wordpress.org/browser/wp-file-manager/trunk/lib/php/elFinder.class.php
https://plugins.trac.wordpress.org/changeset/3319016/filester
https://plugins.trac.wordpress.org/changeset/3335715/file-manager-advanced/trunk/application/library/php/elFinder.class.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/c2a166de-3bdf-4883-91ba-655f2757c53b?source=cve

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

Base Score

6.5

Base Severity

MEDIUM

CNNVD-202508-1349 (Published: 2025-08-13)
