PT-2025-34963 · WordPress · File Manager
Đỗ Quang Huy
·
Published
2025-08-28
·
Updated
2025-08-28
·
CVE-2025-9345
CVSS v3.1
4.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
File Manager, Code Editor, and Backup by Managefy plugin for WordPress versions prior to 1.4.9
Description:
The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is susceptible to a Path Traversal issue in versions up to and including 1.4.8. Authenticated attackers with Subscriber-level access or higher can potentially perform actions on files outside the intended directory through the
ajax downloadfile() function.Recommendations:
Update the File Manager, Code Editor, and Backup by Managefy plugin for WordPress to version 1.4.9 or later.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
File Manager