PT-2025-25457 · WordPress · File Manager Pro – Filester

Siunam +1 · Published 2025-06-14 · Updated 2025-06-19 · CVE-2025-3234

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
File Manager Pro – Filester plugin for WordPress versions 1.8.8 and earlier

Description
The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible. Administrators have the ability to extend file manager usage privileges to lower-level users, including subscribers, which would make this vulnerability more severe on such sites.

Recommendations
For versions 1.8.8 and earlier, update to a version that includes the fix for this vulnerability. As a temporary workaround, consider restricting access to the file manager functionality to only necessary users until a patch is available. Restrict file uploads to only necessary file types to minimize the risk of exploitation.

Fix · RCE · Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2025-3234

Affected Products: File Manager Pro – Filester