Description
WordPress Plugin File Manager is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. WordPress Plugin File Manager version 6.8 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 6.9 or latest
References
https://seravo.com/blog/0-day-vulnerability-in-wp-file-manager/
https://plugins.svn.wordpress.org/wp-file-manager/trunk/readme.txt
Related Vulnerabilities
Liferay Portal Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-33325)
WordPress Plugin WP JS Cross-Site Scripting (2.0.6)
WordPress Plugin iThemes Security (formerly Better WP Security) Security Bypass (5.3.0)
Ruby on Rails Improper Input Validation Vulnerability (CVE-2013-1856)
WordPress Plugin Category and Page Icons Multiple Vulnerabilities (0.9.1)