WordPress Plugin 'File Manager' elFinder Remote Code Execution

critical Nessus Plugin ID 140466

Synopsis

The remote WordPress application has a plugin installed that is vulnerable to a remote code execution vulnerability.

Description

The WordPress application running on the remote host has a version of the 'File Manager' plugin that is affected by a remote code execution vulnerability due to improper inclusion of elFinder. An unauthenticated, remote attacker can exploit this, by sending a specially crafted request to the connector.minimal.php file, to gain remote code execution on the vulnerable WordPress site.

Solution

Upgrade the WordPress 'File Manager' plugin to version 6.9 or later.

See Also

http://www.nessus.org/u?53de38d7

Plugin Details

Severity: Critical

ID: 140466

File Name: wordpress_plugin_wp_file_manager_elfinder_rce.nbin

Version: 1.71

Type: remote

Family: CGI abuses

Published: 9/10/2020

Updated: 11/22/2024

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

CVSS Score Rationale: No cve available for this vulnerability.

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:wordpress:wordpress

Required KB Items: installed_sw/WordPress, www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Patch Publication Date: 9/1/2020

Vulnerability Publication Date: 9/1/2020