CVE-2020-25213 — WordPress File Manager Plugin Remote Code Execution Vulnerability

2021-11-03 • CISA Known Exploited Vulnerability

[event] WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files on a target site.

> AFFECTED SOFTWARE

Field	Value
Vendor	WordPress
Product	File Manager Plugin
CWE	CWE-434
CVE ID	CVE-2020-25213
Date Added	2021-11-03
Due Date	2022-05-03
Ransomware Campaign	Unknown

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2022-05-03

> REFERENCES

[1] https://nvd.nist.gov/vuln/detail/CVE-2020-25213