Описание
The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.8 via the ajax_downloadfile() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory.
EPSS
Процентиль: 18%
0.00058
Низкий
4.9 Medium
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 4.9
github
5 месяцев назад
The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.8 via the ajax_downloadfile() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory.
EPSS
Процентиль: 18%
0.00058
Низкий
4.9 Medium
CVSS3
Дефекты
CWE-22