• Resolved grahamthomas

    (@grahamthomas)


    Recently I found I couldn’t upload files via WP File Manager. Our web host (Kualo in London) support person located the problem as the CVE-2023-6825 vulnerability (directory traversal):

    “It appears the request from the wp file manager was hitting a web application firewall rule that is protecting the server/account from Directory Traversal Vulnerability in File Manager And File Manager Pro < 7.2.2 (CVE-2023-6825).”

    He suggested we update WP File Manager to v.7.2.6 – but we were already using that version.

    Kualo have now whitelisted this rule for our account, which seems to have fixed our problem and enabled uploads again. But I guess this isn’t the optimal solution. They suggested I report that the file traversal issue hasn’t been resolved in v.7.2.6 to this forum, so this is what I’m doing.

    Sorry – I don’t have the knowledge to provide any further technical information on this.

    Graham

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support File Manager Support

    (@filemanagersupport)

    Hello Graham,

    We hope you are doing well, and we apologize for any inconvenience this may have caused.
    We understand the importance of security and reliability when it comes to file management on the website.

    We want to assure you that the CVE-2023-6825 vulnerability issue you mentioned has already been addressed and resolved in the subsequent releases of WP File Manager 7.2.2 and WP File Manager Pro version 8.3.5. We have cooperated with the Wordfence security team and they have confirmed this fix.

    To verify this, you can visit the following link on the Wordfence website:
    https://www.wordfence.com/threat-intel/vulnerabilities/detail/file-manager-and-file-manager-pro-multiple-versions-directory-traversal

    Additionally, there is a detailed blog post on the Wordfence website discussing this issue and its resolution.

    We recommend contacting your hosting provider and requesting that they whitelist the WP File Manager plugin now that the issue has been fixed. This should ensure smooth and secure file uploads without any further interruptions.

    Thank you for your understanding.

    Best regards,
    WP File Manager Support

    Thread Starter grahamthomas

    (@grahamthomas)

    Thanks for that quick response. I have passed on your message to our hosting provider. Obviously it will be up to them to decide how to respond.

    Graham

  • The topic ‘Directory traversal issue not resolved in v.7.2.6’ is closed to new replies.