CVE-2025-3234 — Unrestricted File Upload in File Manager PRO Filester

CWE-434 — Unrestricted File Upload CWE-122 — Heap-based Buffer Overflow4 documents4 sources

Severity

7.2HIGHNVD

EPSS

1.4%

top 19.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ninjateam File Manager PRO Filester

Timeline

PublishedJun 14

Description

The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.8.8. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Administrators have the ability to extend file manager usage privileges to lower-level users including subscribers, which would …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5ninjateam/file_manager_pro_filester1.8.8

🔴Vulnerability Details

GHSA

GHSA-m4f9-j244-5hfh: The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to↗2025-06-14

▶

CVEList

File Manager Pro – Filester <= 1.8.8 - Authenticated (Administrator+) Arbitrary File Upload↗2025-06-14

▶

📋Vendor Advisories

Microsoft

Heap-based Buffer Overflow in vim/vim↗2022-09-13

▶