Search criteria
4 vulnerabilities found for File Manager, Code Editor, and Backup by Managefy by softdiscover
CVE-2025-10744 (GCVE-0-2025-10744)
Vulnerability from cvelistv5 – Published: 2025-10-01 03:25 – Updated: 2025-10-01 15:00
VLAI?
Summary
The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view information like full paths and full paths to backup files information contained in the exposed log files.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| softdiscover | File Manager, Code Editor, and Backup by Managefy |
Affected:
* , ≤ 1.6.1
(semver)
|
Credits
Aurélien BOURDOIS
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T15:00:53.022154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T15:00:59.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "File Manager, Code Editor, and Backup by Managefy",
"vendor": "softdiscover",
"versions": [
{
"lessThanOrEqual": "1.6.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aur\u00e9lien BOURDOIS"
}
],
"descriptions": [
{
"lang": "en",
"value": "The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view information like full paths and full paths to backup files information contained in the exposed log files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T03:25:22.906Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30147e39-af94-4620-870b-71a0a46b7509?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/softdiscover-db-file-manager/tags/1.5.0/modules/filemanager/helpers/iprogress.php#L19"
},
{
"url": "https://plugins.trac.wordpress.org/browser/softdiscover-db-file-manager/tags/1.5.0/modules/filemanager/controllers/backup.php#L460"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3369101%40softdiscover-db-file-manager\u0026new=3369101%40softdiscover-db-file-manager\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-19T19:35:49.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-09-30T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "File Manager, Code editor, backup by Managefy \u003c= 1.6.1 - Unauthenticated Information Exposure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-10744",
"datePublished": "2025-10-01T03:25:22.906Z",
"dateReserved": "2025-09-19T19:20:39.706Z",
"dateUpdated": "2025-10-01T15:00:59.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9345 (GCVE-0-2025-9345)
Vulnerability from cvelistv5 – Published: 2025-08-28 03:42 – Updated: 2025-08-28 14:49
VLAI?
Summary
The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.8 via the ajax_downloadfile() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| softdiscover | File Manager, Code Editor, and Backup by Managefy |
Affected:
* , ≤ 1.4.8
(semver)
|
Credits
Đỗ Quang Huy
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9345",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T13:36:53.402345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:49:05.815Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "File Manager, Code Editor, and Backup by Managefy",
"vendor": "softdiscover",
"versions": [
{
"lessThanOrEqual": "1.4.8",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u0110\u1ed7 Quang Huy"
}
],
"descriptions": [
{
"lang": "en",
"value": "The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.8 via the ajax_downloadfile() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T03:42:45.718Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f53cf99e-3136-4a1d-bbbd-ff484f1df5c3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3350045%40softdiscover-db-file-manager\u0026new=3350045%40softdiscover-db-file-manager\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-23T17:25:07.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-08-27T14:40:26.000+00:00",
"value": "Disclosed"
}
],
"title": "File Manager, Code Editor, and Backup by Managefy \u003c= 1.4.8 - Authenticated (Admin+) Path Traversal to Arbitrary File Download"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-9345",
"datePublished": "2025-08-28T03:42:45.718Z",
"dateReserved": "2025-08-22T14:12:56.987Z",
"dateUpdated": "2025-08-28T14:49:05.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10744 (GCVE-0-2025-10744)
Vulnerability from nvd – Published: 2025-10-01 03:25 – Updated: 2025-10-01 15:00
VLAI?
Summary
The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view information like full paths and full paths to backup files information contained in the exposed log files.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| softdiscover | File Manager, Code Editor, and Backup by Managefy |
Affected:
* , ≤ 1.6.1
(semver)
|
Credits
Aurélien BOURDOIS
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T15:00:53.022154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T15:00:59.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "File Manager, Code Editor, and Backup by Managefy",
"vendor": "softdiscover",
"versions": [
{
"lessThanOrEqual": "1.6.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aur\u00e9lien BOURDOIS"
}
],
"descriptions": [
{
"lang": "en",
"value": "The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view information like full paths and full paths to backup files information contained in the exposed log files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T03:25:22.906Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30147e39-af94-4620-870b-71a0a46b7509?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/softdiscover-db-file-manager/tags/1.5.0/modules/filemanager/helpers/iprogress.php#L19"
},
{
"url": "https://plugins.trac.wordpress.org/browser/softdiscover-db-file-manager/tags/1.5.0/modules/filemanager/controllers/backup.php#L460"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3369101%40softdiscover-db-file-manager\u0026new=3369101%40softdiscover-db-file-manager\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-19T19:35:49.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-09-30T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "File Manager, Code editor, backup by Managefy \u003c= 1.6.1 - Unauthenticated Information Exposure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-10744",
"datePublished": "2025-10-01T03:25:22.906Z",
"dateReserved": "2025-09-19T19:20:39.706Z",
"dateUpdated": "2025-10-01T15:00:59.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9345 (GCVE-0-2025-9345)
Vulnerability from nvd – Published: 2025-08-28 03:42 – Updated: 2025-08-28 14:49
VLAI?
Summary
The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.8 via the ajax_downloadfile() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| softdiscover | File Manager, Code Editor, and Backup by Managefy |
Affected:
* , ≤ 1.4.8
(semver)
|
Credits
Đỗ Quang Huy
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9345",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T13:36:53.402345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:49:05.815Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "File Manager, Code Editor, and Backup by Managefy",
"vendor": "softdiscover",
"versions": [
{
"lessThanOrEqual": "1.4.8",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u0110\u1ed7 Quang Huy"
}
],
"descriptions": [
{
"lang": "en",
"value": "The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.8 via the ajax_downloadfile() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T03:42:45.718Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f53cf99e-3136-4a1d-bbbd-ff484f1df5c3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3350045%40softdiscover-db-file-manager\u0026new=3350045%40softdiscover-db-file-manager\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-23T17:25:07.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-08-27T14:40:26.000+00:00",
"value": "Disclosed"
}
],
"title": "File Manager, Code Editor, and Backup by Managefy \u003c= 1.4.8 - Authenticated (Admin+) Path Traversal to Arbitrary File Download"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-9345",
"datePublished": "2025-08-28T03:42:45.718Z",
"dateReserved": "2025-08-22T14:12:56.987Z",
"dateUpdated": "2025-08-28T14:49:05.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}