PT-2024-38462 · WordPress · Bit File Manager

Author: Siunam
Published: 2024-09-04
Updated: 2024-09-11
CVE: CVE-2024-7627
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Bit File Manager plugin for WordPress, versions 6.0 through 6.5.5

Description: The vulnerability allows Remote Code Execution. The plugin writes a temporary file to a publicly accessible directory before performing file validation in its checkSyntax function, so the file is reachable over the web before it has been validated. This makes it possible for unauthenticated attackers to execute code on the server if an administrator has allowed Guest User read permissions.

Recommendations: For versions 6.0 through 6.5.5, disable the checkSyntax function as a temporary workaround until a patch is available. Restrict access to the plugin's functionality to reduce the risk of exploitation, especially if Guest User read permissions are enabled. At the time of writing, there is no information about a newer version that contains a fix for this vulnerability.
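The pattern the advisory describes next to a hardened alternative, as an added PHP example that is not the plugin's own code: the function names, the $uploadsDir parameter and the choice of linting with "php -l" on standard input are assumptions. The first function writes the candidate source into a web-served directory and lints it only afterwards, which is the ordering the advisory warns about; the second lints the source from memory and never places it under the document root, so there is no window in which an unvalidated file is reachable over HTTP.

```php
<?php
// Added example, not code from the Bit File Manager plugin. Function names,
// the $uploadsDir path and the php binary path are assumptions.

declare(strict_types=1);

/**
 * Ordering described in the advisory (do not use): the candidate source is
 * written into a web-accessible directory first and linted only afterwards.
 * Between file_put_contents() and unlink() the file is a live PHP script
 * reachable over HTTP, so the validation happens too late to protect anything.
 */
function checkSyntaxInWebRoot(string $source, string $uploadsDir): bool
{
    $tmp = $uploadsDir . '/check_' . bin2hex(random_bytes(8)) . '.php';
    file_put_contents($tmp, $source);            // now served by the web server
    exec('php -l ' . escapeshellarg($tmp), $out, $rc);
    unlink($tmp);
    return $rc === 0;
}

/**
 * Hardened variant: pipe the source to "php -l" on stdin, so nothing is ever
 * written under the document root. If a real file is unavoidable, write it to
 * sys_get_temp_dir() with 0600 permissions and a non-executable extension;
 * that directory is outside the web root and not served.
 */
function checkSyntaxInMemory(string $source, string $phpBinary = PHP_BINARY): array
{
    $spec = [
        0 => ['pipe', 'r'],   // stdin: the source is fed here
        1 => ['pipe', 'w'],   // stdout: lint result
        2 => ['pipe', 'w'],   // stderr: parse errors
    ];
    $proc = proc_open([$phpBinary, '-l'], $spec, $pipes);
    if (!is_resource($proc)) {
        return ['ok' => false, 'message' => 'could not start php -l'];
    }
    fwrite($pipes[0], $source);
    fclose($pipes[0]);
    $stdout = stream_get_contents($pipes[1]);
    $stderr = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $rc = proc_close($proc);
    return ['ok' => $rc === 0, 'message' => trim($stdout . "\n" . $stderr)];
}

// Constructed inputs for a stand-alone command-line run.
$good = "<?php\necho 'hello';\n";
$bad  = "<?php\necho 'hello'\n";   // missing semicolon

var_dump(checkSyntaxInMemory($good));
var_dump(checkSyntaxInMemory($bad));
```

Run it from the command line with the php CLI (proc_open with an array command needs PHP 7.4 or later). Disabling checkSyntax, as the recommendation suggests, removes the write entirely; if the feature is kept, the in-memory form closes the window without changing what the user sees, and an access rule that forbids executing PHP from the uploads directory is a sensible second layer.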

Tags: RCE, Code Injection, Race Condition

Weakness Enumeration

Related Identifiers: CVE-2024-7627

Affected Products: Bit File Manager