
"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 3
Critical: 0
High: 1
Medium: 2
Showing 1-3 of 3 records

Threat Entry Updated 2025-08-13

CVE-2025-0818 - Wp File Manager Plugin

Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an instance of the file manager available to users.

PLUGIN Wp File Manager

CVE-2025-0818

MEDIUM CVSS 6.5 2025-08-13

Threat Entry Updated 2025-09-29

CVE-2024-2654 - Wp File Manager Plugin

The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the server, which can contain sensitive information.

PLUGIN Wp File Manager

CVE-2024-2654

MEDIUM CVSS 6.8 2024-04-09

Threat Entry Updated 2025-03-24

CVE-2024-0761 - Wp File Manager Plugin

The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers to extract sensitive data, including site backups, in configurations where the .htaccess file in the directory does not block access.

PLUGIN Wp File Manager

CVE-2024-0761

HIGH CVSS 8.1 2024-02-05