{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-25T01:50:04.707","vulnerabilities":[{"cve":{"id":"CVE-2018-25105","sourceIdentifier":"security@wordfence.com","published":"2024-10-16T07:15:05.467","lastModified":"2024-10-30T18:23:57.830","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The  File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary files that can be used for remote code execution."},{"lang":"es","value":"El plugin File Manager para WordPress es vulnerable a una omisión de autorización debido a una comprobación de capacidad faltante en el archivo /inc/root.php en versiones hasta la 3.0, inclusive. Esto hace posible que atacantes no autenticados descarguen archivos arbitrarios del servidor y suban archivos arbitrarios que pueden ser usados para ejecución remota de código."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:filemanagerpro:file_manager:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"3.0","matchCriteriaId":"3C1C0E9F-2C3E-4AF5-A367-6941B5D92530"}]}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1942390%40wp-file-manager&new=1942390%40wp-file-manager&sfp_email=&sfph_mail=","source":"security@wordfence.com","tags":["Patch"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a56d5a2f-ae13-4523-bc4a-17bb2fb4c6f0?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]}]}}]}