CVE-2020-25213

Basic Information

CVE State
PUBLISHED
Reserved Date
September 09, 2020
Published Date
September 09, 2020
Last Updated
February 04, 2025
Vendor
n/a
Product
n/a
Description
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.
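The description above names the two things a defender can look for: requests to the plugin's shipped elFinder connector (including the upload, mkfile and put commands) and PHP files being served out of wp-content/plugins/wp-file-manager/lib/files/. The script below is an added example written for this page; it is not code from the CVE record, from the plugin project, or from any of the PoC repositories listed further down. One assumption is not stated in the CVE text and is labelled as such: CONNECTOR_PATH is the commonly reported location of the connector inside the plugin directory, so adjust it if a given deployment differs. The sample log lines are constructed, not captured traffic.

```python
"""
Detection helpers for CVE-2020-25213 (wp-file-manager < 6.9).

Added example for this page; not code from the CVE record, the plugin
project, or the listed PoC repositories.
Assumption (not in the CVE description): CONNECTOR_PATH is the commonly
reported location of the exposed elFinder connector inside the plugin.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: reported location of the shipped elFinder connector.
CONNECTOR_PATH = "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"
# Directory the CVE description names as the place written PHP lands.
DROP_DIR = "/wp-content/plugins/wp-file-manager/lib/files/"
# First fixed release per the CVE description ("before 6.9").
FIXED_VERSION = (6, 9)
# elFinder commands named in the CVE description that create or write files.
WRITE_CMDS = {"upload", "mkfile", "put"}

# Common/combined log format: ip ident user [ts] "METHOD target proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)


def parse_version(text):
    """'6.8' -> (6, 8); '6.10' -> (6, 10). Tuples compare numerically, so
    6.10 is correctly newer than 6.9 (a plain string compare gets this wrong)."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def is_vulnerable_version(text):
    """True for any plugin version below the first fixed release."""
    v = parse_version(text)
    return bool(v) and v < FIXED_VERSION


def classify_request(method, target):
    """Return a finding label for one request, or None if it is uninteresting."""
    parts = urlsplit(target)
    path = parts.path
    if path == CONNECTOR_PATH:
        cmd = parse_qs(parts.query).get("cmd", [None])[0]
        if cmd in WRITE_CMDS:
            return "connector_write_cmd"
        # POST bodies are not in access logs, so an upload's cmd= is invisible
        # here; on an unpatched site any hit on the connector is worth a look.
        return "connector_request"
    if path.startswith(DROP_DIR) and path.lower().endswith(".php"):
        # A PHP file served out of the write directory is the dropped
        # webshell being invoked.
        return "php_in_drop_dir"
    return None


def scan_log(lines):
    """Return one dict per suspicious request found in an access log."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        label = classify_request(m["method"], m["target"])
        if label:
            findings.append({"ip": m["ip"], "ts": m["ts"], "method": m["method"],
                             "target": m["target"], "status": m["status"],
                             "label": label})
    return findings


def likely_compromised_ips(findings):
    """IPs that both touched the connector and fetched a PHP file from DROP_DIR."""
    touched, served = set(), set()
    for f in findings:
        if f["label"].startswith("connector"):
            touched.add(f["ip"])
        elif f["label"] == "php_in_drop_dir":
            served.add(f["ip"])
    return touched & served


# Constructed sample log lines (not real traffic) exercising each case.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Sep/2020:10:15:01 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Sep/2020:10:15:02 +0000] "GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php?cmd=mkfile&name=x.php&target=hash HTTP/1.1" 200 210',
    '203.0.113.7 - - [01/Sep/2020:10:15:03 +0000] "GET /wp-content/plugins/wp-file-manager/lib/files/x.php HTTP/1.1" 200 64',
    '198.51.100.4 - - [01/Sep/2020:10:16:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4002',
]

if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for f in hits:
        print(f["label"], f["ip"], f["method"], f["target"])
    print("likely compromised:", likely_compromised_ips(hits))
```

The version check compares numeric tuples rather than strings so that a hypothetical 6.10 is not misread as older than 6.9; the log scan treats every connector hit as interesting because the write commands usually arrive in a POST body that access logs never record, and it relies on the second indicator (PHP served from lib/files/) to separate probing from a successful drop.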

CVSS Scores

CVSS v3.1

10.0 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2021-11-03 00:00:00 UTC)
Proof of Concept Available
Yes (added 2021-04-03 13:52:21 UTC)

Known Exploited Vulnerability Information

Source
CISA
Added Date
2021-11-03 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

wp_file_manager_rce

Type: metasploit • Created: Unknown

Metasploit module for CVE-2020-25213

E1tex/Python-CVE-2020-25213

Type: github • Created: 2023-08-02 09:06:13 UTC • Stars: 3

Python Interactive Exploit for WP File Manager Vulnerability. The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension.

BLY-Coder/Python-exploit-CVE-2020-25213

Type: github • Created: 2023-01-22 16:54:25 UTC • Stars: 6

Python exploit for RCE in Wordpress

piruprohacking/CVE-2020-25213

Type: github • Created: 2021-04-03 13:52:21 UTC • Stars: 0

mansoorr123/wp-file-manager-CVE-2020-25213

Type: github • Created: 2020-10-10 17:50:01 UTC • Stars: 57

https://medium.com/@mansoorr/exploiting-cve-2020-25213-wp-file-manager-wordpress-plugin-6-9-3f79241f0cd8