8.1
CVE-2024-0761
- EPSS 0.44%
- Veröffentlicht 05.02.2024 22:16:04
- Zuletzt bearbeitet 24.03.2025 14:32:35
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginFile Manager <= 7.2.1 - Sensitive Information Exposure via Backup Filenames
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract sensitive data including site backups in configurations where the .htaccess file in the directory does not block access.
Mögliche Gegenmaßnahme
File Manager: Update to version 7.2.2, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
File Manager
Version
*-7.2.1
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Filemanagerpro ≫ File Manager SwPlatformwordpress Version <= 7.2.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.44% | 0.623 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| security@wordfence.com | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-330 Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.