High Severity Arbitrary File Upload Vulnerability Patched in File Manager Pro WordPress Plugin

On December 14th, 2023, shortly after the launch of our Holiday Bug Extravaganza, we received a submission for an Arbitrary File Upload vulnerability in File Manager Pro, a WordPress plugin with an estimated 10,000+ active installations. This vulnerability made it possible for authenticated attackers to create a PHP file that could contain malicious content and be used for complete site takeover.

This post was originally published on Wordfence by István Márton.

Follow us

Don't be shy, get in touch. We love meeting interesting people and making new friends.