Search
Find a vulnerability
Search criteria
4 vulnerabilities found for File Manager, Code Editor, and Backup by Managefy by softdiscover
CVE-2025-10744 (GCVE-0-2025-10744)
Vulnerability from nvd – Published: 2025-10-01 03:25 – Updated: 2026-04-08 16:44
VLAI
Title
File Manager, Code editor, backup by Managefy <= 1.6.1 - Unauthenticated Information Exposure
Summary
The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view information like full paths and full paths to backup files information contained in the exposed log files.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| softdiscover | File Manager, Code Editor, and Backup by Managefy |
Affected:
0 , ≤ 1.6.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T15:00:53.022154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T15:00:59.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "File Manager, Code Editor, and Backup by Managefy",
"vendor": "softdiscover",
"versions": [
{
"lessThanOrEqual": "1.6.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aur\u00e9lien BOURDOIS"
}
],
"descriptions": [
{
"lang": "en",
"value": "The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view information like full paths and full paths to backup files information contained in the exposed log files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:44:47.058Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30147e39-af94-4620-870b-71a0a46b7509?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/softdiscover-db-file-manager/tags/1.5.0/modules/filemanager/helpers/iprogress.php#L19"
},
{
"url": "https://plugins.trac.wordpress.org/browser/softdiscover-db-file-manager/tags/1.5.0/modules/filemanager/controllers/backup.php#L460"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3369101%40softdiscover-db-file-manager\u0026new=3369101%40softdiscover-db-file-manager\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-19T19:35:49.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-09-30T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "File Manager, Code editor, backup by Managefy \u003c= 1.6.1 - Unauthenticated Information Exposure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-10744",
"datePublished": "2025-10-01T03:25:22.906Z",
"dateReserved": "2025-09-19T19:20:39.706Z",
"dateUpdated": "2026-04-08T16:44:47.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9345 (GCVE-0-2025-9345)
Vulnerability from nvd – Published: 2025-08-28 03:42 – Updated: 2026-04-08 17:33
VLAI
Title
File Manager, Code Editor, and Backup by Managefy <= 1.4.8 - Authenticated (Admin+) Path Traversal to Arbitrary File Download
Summary
The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.8 via the ajax_downloadfile() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| softdiscover | File Manager, Code Editor, and Backup by Managefy |
Affected:
0 , ≤ 1.4.8
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9345",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T13:36:53.402345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:49:05.815Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "File Manager, Code Editor, and Backup by Managefy",
"vendor": "softdiscover",
"versions": [
{
"lessThanOrEqual": "1.4.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u0110\u1ed7 Quang Huy"
}
],
"descriptions": [
{
"lang": "en",
"value": "The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.8 via the ajax_downloadfile() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:33:17.967Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f53cf99e-3136-4a1d-bbbd-ff484f1df5c3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3350045%40softdiscover-db-file-manager\u0026new=3350045%40softdiscover-db-file-manager\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-23T17:25:07.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-08-27T14:40:26.000Z",
"value": "Disclosed"
}
],
"title": "File Manager, Code Editor, and Backup by Managefy \u003c= 1.4.8 - Authenticated (Admin+) Path Traversal to Arbitrary File Download"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-9345",
"datePublished": "2025-08-28T03:42:45.718Z",
"dateReserved": "2025-08-22T14:12:56.987Z",
"dateUpdated": "2026-04-08T17:33:17.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10744 (GCVE-0-2025-10744)
Vulnerability from cvelistv5 – Published: 2025-10-01 03:25 – Updated: 2026-04-08 16:44
VLAI
Title
File Manager, Code editor, backup by Managefy <= 1.6.1 - Unauthenticated Information Exposure
Summary
The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view information like full paths and full paths to backup files information contained in the exposed log files.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| softdiscover | File Manager, Code Editor, and Backup by Managefy |
Affected:
0 , ≤ 1.6.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T15:00:53.022154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T15:00:59.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "File Manager, Code Editor, and Backup by Managefy",
"vendor": "softdiscover",
"versions": [
{
"lessThanOrEqual": "1.6.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aur\u00e9lien BOURDOIS"
}
],
"descriptions": [
{
"lang": "en",
"value": "The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view information like full paths and full paths to backup files information contained in the exposed log files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:44:47.058Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30147e39-af94-4620-870b-71a0a46b7509?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/softdiscover-db-file-manager/tags/1.5.0/modules/filemanager/helpers/iprogress.php#L19"
},
{
"url": "https://plugins.trac.wordpress.org/browser/softdiscover-db-file-manager/tags/1.5.0/modules/filemanager/controllers/backup.php#L460"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3369101%40softdiscover-db-file-manager\u0026new=3369101%40softdiscover-db-file-manager\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-19T19:35:49.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-09-30T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "File Manager, Code editor, backup by Managefy \u003c= 1.6.1 - Unauthenticated Information Exposure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-10744",
"datePublished": "2025-10-01T03:25:22.906Z",
"dateReserved": "2025-09-19T19:20:39.706Z",
"dateUpdated": "2026-04-08T16:44:47.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9345 (GCVE-0-2025-9345)
Vulnerability from cvelistv5 – Published: 2025-08-28 03:42 – Updated: 2026-04-08 17:33
VLAI
Title
File Manager, Code Editor, and Backup by Managefy <= 1.4.8 - Authenticated (Admin+) Path Traversal to Arbitrary File Download
Summary
The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.8 via the ajax_downloadfile() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| softdiscover | File Manager, Code Editor, and Backup by Managefy |
Affected:
0 , ≤ 1.4.8
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9345",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T13:36:53.402345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:49:05.815Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "File Manager, Code Editor, and Backup by Managefy",
"vendor": "softdiscover",
"versions": [
{
"lessThanOrEqual": "1.4.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u0110\u1ed7 Quang Huy"
}
],
"descriptions": [
{
"lang": "en",
"value": "The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.8 via the ajax_downloadfile() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:33:17.967Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f53cf99e-3136-4a1d-bbbd-ff484f1df5c3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3350045%40softdiscover-db-file-manager\u0026new=3350045%40softdiscover-db-file-manager\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-23T17:25:07.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-08-27T14:40:26.000Z",
"value": "Disclosed"
}
],
"title": "File Manager, Code Editor, and Backup by Managefy \u003c= 1.4.8 - Authenticated (Admin+) Path Traversal to Arbitrary File Download"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-9345",
"datePublished": "2025-08-28T03:42:45.718Z",
"dateReserved": "2025-08-22T14:12:56.987Z",
"dateUpdated": "2026-04-08T17:33:17.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}