PT-2025-27167 · WordPress · File Manager Plugin For Wordpress
0Xd4Rk5Id3
·
Published
2025-06-27
·
Updated
2025-06-27
·
CVE-2025-53260
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
File Manager Plugin For Wordpress versions prior to 7.5
Description:
The issue allows attackers to upload dangerous files, including web shells, to a web server, compromising its security. This is due to an Unrestricted Upload of File with Dangerous Type vulnerability in the getredhawkstudio File Manager Plugin For Wordpress.
Recommendations:
For versions prior to 7.5, update to version 7.5 to fix the issue. As a temporary workaround, consider restricting file upload capabilities to prevent the upload of dangerous file types until the update can be applied.
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
File Manager Plugin For Wordpress