CVE-2020-25213

Published: 09/09/2020 Updated: 03/04/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 672
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The File Manager (wp-file-manager) plugin prior to 6.9 for WordPress allows remote malicious users to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows malicious users to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.

Vulnerable Product

webdesi9 file manager

Exploits

The WordPress File Manager (wp-file-manager) plugin versions 6.0 through 6.8 allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the w ...
WordPress File Manager plugin versions 6.0 through 6.9 suffer from a remote shell upload vulnerability ...

Github Repositories

wp-file-manager 6.7 (Aug 2020) Wordpress Plugin 0day - Remote Code Execution

CVE-2020-25213 wp-file-manager 6.7 (20th Aug 2020) Wordpress Plugin 0day. elFinder vulnerability is a well-known vulnerability, my script only changes path to "/wp-content/plugins/wp-file-manager/". Stop requesting fixes in script or something else for me. RTFM. References: www.exploit-db.com/exploits/46481 www.exploit-db.com/exploits/46539 twi

Python exploit for RCE in Wordpress

Description: The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-ma

TCC Container engine (communication): Identify a way to collect information from an application running inside the container environment. Following the second and third proposals of the ISCC2021 paper (the idea is to stay inside the container environment). Plugin that allows collecting information/interac

Zero-Day Vulnerability in File Manager Plugin 6.7 ( CVE 2020-25213 )

Zero-Day Vulnerability in File Manager Plugin 6.7 ( CVE 2020-25213 ) Exploit : Mass 0Day Shell Upload - wp-file-manager 6.7 Installation : How To Use ? python3 0day.py 📧 Contact : You Want Ask About All My Tools Or Buy Tools/Exploits Private Add Me On : [+] Email : arontnofficial@gmail.com [+] facebook : www.face

https://medium.com/@mansoorr/exploiting-cve-2020-25213-wp-file-manager-wordpress-plugin-6-9-3f79241f0cd8

WP-file-manager exploit CVE-2020-25213. WP-file-manager wordpress plugin (<6.9) vulnerable to unauthenticated arbitrary file upload resulting in full compromise of the system. For more details refer to my writeup published here. Disclaimer: I haven't discovered this vulnerability & am not taking any credit for this CVE. I have only created the expl

Automation of attacks and logging of their system call footprint

IDS-Dataset project Table of Contents Background and Motivation Approaching the problem Explaining the attacks: General Idea Attacker Side Victim Side Installation Creating the virtual machine Setup Victim Setup Attacker Troubleshooting Executing the setup script throws an error during an apt/apt-get install: Server returns error when using custom module: Backgrou

Goal of this repo is to convert exploit-db python2 scripts to python3

py2to3 led | 10th March, 2021. The purpose of this repo is to convert python2 exploits and scripts to python as the support for python2 has dropped. Table of contents: CVE-2020-25213, CVE-2018-17057. CVE-2020-25213: The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe exa

Python Interactive Exploit for WP File Manager Vulnerability. The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension.

Python-CVE-2020-25213: Python Interactive Exploit for WP File Manager Vulnerability. The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. The script uses the argparse, requests, re, sys, os, json, and random Pytho

colab wpscan --url 192.168.80.133:8000/ --api-token NMtjfXnMnhiNDVIAMES84ZqNDwhvJMoxtnsq9w9QqSg --plugins-version-detection aggressive github.com/mansoorr123/wp-file-manager-CVE-2020-25213 ./wp-file-manager-exploit.sh -u 192.168.80.133:8000 --check ./wp-file-manager-exploit.sh -u 192.168.80.133:8000 -f ~/v10cr/wp/wp-file-manager-CVE-2020-25213/shell

WP-File-Manager Unrestricted File Upload Vulnerability! Python2. Coder is not responsible for any illegal usage! CVE : CVE-2020-25213 Date : 11-09-2020 Usage : python exploit.py ICQ : @theseller