PT-2025-6806 · Saadiqbal+3 · Advanced File Manager – Ultimate Wp File Manager/Document Library Solution+3

Kevin Wydler

Published

2025-02-12

Updated

2025-08-15

CVE-2025-0818

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

Name of the Vulnerable Software and Affected Versions: elFinder versions prior to 2.1.65

Description: Several WordPress plugins utilizing elFinder are susceptible to Directory Traversal, allowing unauthenticated attackers to delete arbitrary files. Exploitation requires the site owner to make an instance of the file manager accessible to users.

Recommendations: Update elFinder to version 2.1.65 or later.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2025-0818

Affected Products

Advanced File Manager – Ultimate Wp File Manager/Document Library Solution

File Manager

File Manager Pro

File Manager Pro – Filester

CVE-2025-0818

Weakness Enumeration

Related Identifiers

Affected Products

References · 18