File Manager, Code Editor, and Backup by Managefy Path Traversal Vulnerability Allowing Arbitrary File Download

Vulnerability

A path traversal vulnerability has been identified in the File Manager, Code Editor, and Backup by Managefy plugin for WordPress, affecting all versions through 1.4.8. The vulnerability arises in the ajax_downloadfile() function, where authenticated attackers with Subscriber-level access or higher can manipulate file paths to access and download files outside the intended directory.

Impact

Exploitation of this vulnerability allows unauthorized read access to files outside the designated download directory, which can disclose sensitive information stored elsewhere on the server.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can send a request to the ajax_downloadfile() function. The request must include a manipulated file name parameter that exploits the path traversal vulnerability, such as by using relative path traversal sequences to access files outside the intended directory.

Remediation

Users are advised to update the plugin to version 1.5.0 or later, where this vulnerability has been patched.
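As an added illustration (not the plugin's own code, which this page does not show), the Python sketch below contrasts the unsafe "join the user-supplied name onto the base directory" pattern behind this class of bug with the containment check a download handler should perform before opening a file. The directory layout, file names and request strings are constructed for the example, and the check also covers percent-encoded, double-encoded and absolute-path variants that the advisory does not spell out.

```python
import os
import tempfile
from urllib.parse import unquote

def naive_join(base_dir: str, user_name: str) -> str:
    # The unsafe pattern: the user-supplied name is joined to the base
    # directory as-is, so "../" segments (or an absolute path, which makes
    # os.path.join discard base_dir entirely) escape the intended directory.
    return os.path.join(base_dir, user_name)

def resolve_download_path(base_dir: str, user_name: str):
    """Return the real path of the requested file if it lies inside base_dir,
    otherwise None. Percent-encoding is decoded twice so that encoded and
    double-encoded dot segments are normalised before the check."""
    base = os.path.realpath(base_dir)
    decoded = unquote(unquote(user_name))
    if "\x00" in decoded or os.path.isabs(decoded):
        return None
    # realpath collapses ".." and follows symlinks, so a link planted inside
    # base_dir that points outside it is also caught by the containment test.
    candidate = os.path.realpath(os.path.join(base, decoded))
    if not candidate.startswith(base + os.sep):
        return None
    return candidate if os.path.isfile(candidate) else None

def demo() -> dict:
    """Constructed layout: <tmp>/uploads/report.txt is the only downloadable
    file; <tmp>/secret.txt sits one level above the allowed directory."""
    root = os.path.realpath(tempfile.mkdtemp())
    allowed = os.path.join(root, "uploads")
    os.mkdir(allowed)
    with open(os.path.join(allowed, "report.txt"), "w") as fh:
        fh.write("public report")
    with open(os.path.join(root, "secret.txt"), "w") as fh:
        fh.write("not for subscribers")
    requests = ["report.txt", "../secret.txt", "%2e%2e/secret.txt",
                "%252e%252e/secret.txt", os.path.join(root, "secret.txt")]
    hardened = {name: resolve_download_path(allowed, name) for name in requests}
    # Show that the naive join really does reach the file one level up.
    naive_escape = os.path.realpath(naive_join(allowed, "../secret.txt"))
    return {"hardened": hardened,
            "naive_reaches_secret": naive_escape == os.path.join(root, "secret.txt")}

if __name__ == "__main__":
    for name, path in demo()["hardened"].items():
        print(f"{name!r:40} -> {'ALLOWED ' + path if path else 'REJECTED'}")
```

Only the plain in-directory name is accepted; every traversal, encoded traversal and absolute-path request is rejected before any file is opened.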

Added: Aug 28, 2025, 4:18 AM
Updated: Aug 28, 2025, 4:18 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.3
remediation: 7.7
relevance: 0.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.