CVE-2020-25213
CVE-2020-25213
Vexday Risk Score
100Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 10EPSS 97.3%KEV simPoC públicaNuclei simMetasploit simPatch —
Lifecycle
09 Sep 2020Metasploit module available
09 Sep 2020Published on NVD
10 Oct 2020Public PoC
03 Nov 2021Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
The File Manager plugin for WordPress allows attackers to upload and execute malicious PHP code on the website. An unsafe configuration file was renamed to enable this attack, giving attackers full control over the server.
Technical detail
The plugin's elFinder connector file is insecurely configured, allowing remote attackers to exploit the upload, mkfile, and put commands to write arbitrary PHP files to wp-content/plugins/wp-file-manager/lib/files/. No authentication is required, and successful exploitation grants remote code execution with web server privileges.
Summary generated and translated by AI from the official description.
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.
CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N
Affected products
n/a · n/apublic PoCs found — 14
githubgithub.com/mansoorr123/wp-file-manager-CVE-2020-25213★ 58githubgithub.com/BLY-Coder/Python-exploit-CVE-2020-25213★ 6githubgithub.com/E1tex/Python-CVE-2020-25213★ 3githubgithub.com/kakamband/WPKiller★ 1githubgithub.com/Cmadhushanka/wordpress-rce-vapt-cve-2020-25213★ 0githubgithub.com/0000000O0Oo/Wordpress-CVE-2020-25213★ 0githubgithub.com/piruprohacking/CVE-2020-25213★ 0githubgithub.com/b1ackros337/CVE-2020-25213★ 0githubgithub.com/KienHoSD/wp-file-manager-exploit-CVE-2020-25213-with-Zerologon★ 0githubgithub.com/forse01/CVE-2020-25213-Wordpress★ 0cve_referencepacketstormsecurity.com/files/171650/WordPress-File-Manager-6.9-Shell-Upload.htmlunverifiedcve_referencepacketstormsecurity.com/files/160003/WordPress-File-Manager-6.8-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/51224unverifiedexploitdbwww.exploit-db.com/exploits/49178unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/160003/WordPress-File-Manager-6.8-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/171650/WordPress-File-Manager-6.9-Shell-Upload.htmlhttps://github.com/w4fz5uck5/wp-file-manager-0dayhttps://hotforsecurity.bitdefender.com/blog/wordpress-websites-attacked-via-file-manager-plugin-vulnerability-24048.htmlhttps://plugins.trac.wordpress.org/changeset/2373068https://seravo.com/blog/0-day-vulnerability-in-wp-file-manager/https://wordfence.com/blog/2020/09/700000-wordpress-users-affected-by-zero-day-vulnerability-in-file-manager-plugin/https://wordpress.org/plugins/wp-file-manager/#developershttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-25213https://zdnet.com/article/millions-of-wordpress-sites-are-being-probed-attacked-with-recent-plugin-bug/