logo_clicknbuy.png

CVE-2025-0818 – elFinder WordPress Plugin Directory Traversal Vulnerability

The following table lists the changes that have been made to the
CVE-2025-0818 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by [email protected]

    Aug. 13, 2025

    Action Type Old Value New Value
    Added Description Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an instance of the file manager available to users.
    Added CVSS V3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
    Added CWE CWE-22
    Added Reference https://github.com/Studio-42/elFinder
    Added Reference https://github.com/Studio-42/elFinder/blob/master/php/elFinder.class.php#L5367
    Added Reference https://plugins.trac.wordpress.org/browser/file-manager-advanced/trunk/application/library/php/elFinder.class.php#L5411
    Added Reference https://plugins.trac.wordpress.org/browser/filester/trunk/includes/File_manager/lib/php/elFinder.class.php#L5378
    Added Reference https://plugins.trac.wordpress.org/browser/wp-file-manager/trunk/lib/php/elFinder.class.php
    Added Reference https://plugins.trac.wordpress.org/changeset/3319016/filester
    Added Reference https://plugins.trac.wordpress.org/changeset/3335715/file-manager-advanced/trunk/application/library/php/elFinder.class.php
    Added Reference https://www.wordfence.com/threat-intel/vulnerabilities/id/c2a166de-3bdf-4883-91ba-655f2757c53b?source=cve
Share the Post:

Related Posts