vulnerability

WordPress Plugin: filester: CVE-2025-0818: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:M/Au:N/C:N/I:C/A:P)	Aug 12, 2025	Aug 13, 2025	Aug 14, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:C/A:P)

Published

Aug 12, 2025

Added

Aug 13, 2025

Modified

Aug 14, 2025

Description

Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an instance of the file manager available to users.

Solution

filester-plugin-cve-2025-0818

References

URL-https://www.cve.org/CVERecord?id=CVE-2025-0818
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/c2a166de-3bdf-4883-91ba-655f2757c53b?source=api-prod
CVE-2025-0818
https://attackerkb.com/topics/CVE-2025-0818
CWE-22

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today