Major Security Flaw Patched in Popular WordPress File Manager Plugin
A significant security vulnerability has been identified and patched in the widely used File Manager plugin for WordPress, affecting over 1 million websites. Rated 8.1 out of 10 in severity, this flaw could potentially allow unauthenticated attackers to access sensitive information, including data contained in site backups.
Unauthenticated Attack Vulnerabilities
This vulnerability is particularly concerning because an attacker does not need login credentials to launch an attack. This is referred to as an unauthenticated attack.
In the context of a WordPress plugin vulnerability, an attacker can gain access to sensitive information without needing to log in or authenticate their identity. This kind of attack exploits a security gap in the File Manager plugin known as "Use of Insufficiently Random Values."
The Common Weakness Enumeration security website describes this kind of vulnerability:
“The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
When a product generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that will be generated and use this guess to impersonate another user or access sensitive information.”
This category of vulnerability arises from a weakness in the File Manager plugin’s backup filename generation algorithm. The algorithm combines a timestamp with a four-digit random number, but this level of randomization is not sufficient to prevent attackers from successfully guessing the file names. Consequently, attackers can gain access to backup files, especially in configurations where there is no .htaccess file to block access.
Use of Insufficiently Random Values Vulnerability
The "Use of Insufficiently Random Values" vulnerability type describes a flaw in which the plugin relies on random, unpredictable numbers in its backup file names to keep attackers from guessing them. Because the plugin’s randomization is insufficient, attackers can deduce the file names and gain access to sensitive information.
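To make the weakness described above concrete, here is an added illustrative model (not the plugin's own code; the exact `backup-<timestamp>-<nnnn>.zip` layout is an assumption) that sizes the guess space of a timestamp-plus-four-digit name, contrasts it with a CSPRNG-derived name, and offers an audit check for spotting weakly named backups already on disk.

```python
import math
import re
import secrets
import time
import random

# Illustrative model of the weak scheme the article describes (timestamp plus a
# four-digit random number). The real plugin's format is not on the page; the
# "backup-<ts>-<nnnn>.zip" layout here is an assumption used for demonstration.
def weak_backup_name(prefix="backup", now=None, rng=random):
    ts = int(time.time() if now is None else now)
    return f"{prefix}-{ts}-{rng.randint(0, 9999):04d}.zip"

def weak_search_space(window_seconds):
    """Candidate names an attacker must consider when the backup time is known
    only to within `window_seconds`: each second admits 10**4 suffixes."""
    return window_seconds * 10_000

def bits_of_entropy(search_space):
    """Entropy of a uniformly chosen name from `search_space` candidates."""
    return math.log2(search_space)

# Hardened variant: derive the unpredictable part from the OS CSPRNG.
def strong_backup_name(prefix="backup", nbytes=16):
    return f"{prefix}-{secrets.token_hex(nbytes)}.zip"

def strong_search_space(nbytes=16):
    return 2 ** (8 * nbytes)

# Audit helper for defenders: matches the assumed weak layout so existing
# backup directories can be scanned for files that should be renamed or moved.
WEAK_PATTERN = re.compile(r"^[A-Za-z0-9_]+-\d{9,10}-\d{4}\.zip$")

def is_weakly_named(filename):
    return WEAK_PATTERN.match(filename) is not None

if __name__ == "__main__":
    weak = weak_backup_name(now=1_700_000_000, rng=random.Random(1))
    print(weak, "weak layout:", is_weakly_named(weak))
    print("one-hour window:", weak_search_space(3600),
          f"candidates (~{bits_of_entropy(weak_search_space(3600)):.1f} bits)")
    strong = strong_backup_name()
    print(strong, "weak layout:", is_weakly_named(strong), f"({8 * 16} bits)")
```

Even with a one-hour uncertainty about when the backup ran, the weak scheme yields only about 25 bits of uncertainty, versus 128 bits for the token-based name; blocking direct web access to the backup directory remains a necessary second layer regardless of naming.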
Vulnerable Versions of the Plugin
This security vulnerability is found in all versions up to and including 7.2.1 and was patched in the latest update of the plugin with the release of version 7.2.2.
The update, as noted in the File Manager WordPress Plugin Changelog Documentation, includes a fix for the security issue. Users of the plugin are strongly advised to update to this latest version to protect their websites from potential exploits.
For more detailed information, consult the available security advisories related to File Manager <= 7.2.1 and sensitive information exposure.