CVE-2025-0818 — Path Traversal in Manager PRO

CWE-22 — Path Traversal3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

1.1%

top 21.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

File Manager PRO Ninjateam File Manager PRO Filester Saadiqbal Advanced File Manager Ultimate File Manager FOR Wordpress AND Document Library S

Timeline

PublishedAug 13

Description

Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an instance of the file manager available to users.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:LExploitability: 2.2 | Impact: 4.2

Affected Packages3 packages

▶CVEListV5ninjateam/file_manager_pro_filester1.8.9

▶CVEListV5saadiqbal/advanced_file_manager_ultimate_file_manager_for_wordpress_and_document_library_s5.3.6

▶CVEListV5file_manager/file_manager_pro8.4.2

🔴Vulnerability Details

GHSA

GHSA-fhmh-jw4r-2xp9: Several WordPress plugins using elFinder versions 2↗2025-08-13

▶

CVEList

Multiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File Deletion↗2025-08-13

▶