CVE-2024-11391
📋 TL;DR
The Advanced File Manager WordPress plugin allows authenticated attackers with Subscriber-level access to upload arbitrary files due to missing file type validation. This vulnerability can lead to remote code execution on affected WordPress sites. All versions up to 5.2.10 are vulnerable.
💻 Affected Systems
- Advanced File Manager WordPress Plugin
📦 What is this software?
Advanced File Manager by Advancedfilemanager
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise via remote code execution, leading to data theft, site defacement, malware distribution, or ransomware deployment.
Likely Case
Unauthorized file upload leading to webshell installation, backdoor persistence, and limited server access.
If Mitigated
File upload attempts logged and blocked, with no successful exploitation due to proper file validation.
🎯 Exploit Status
Requires authenticated access (Subscriber or higher) and administrator-granted permissions. File upload bypass is straightforward once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.2.11 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3199242/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Advanced File Manager'.
4. Click 'Update Now' if available.
5. Alternatively, download version 5.2.11+ from the WordPress repository and update manually.
🔧 Temporary Workarounds
Disable Advanced File Manager Plugin
WordPress: Temporarily disable the vulnerable plugin until patched.
wp plugin deactivate advanced-file-manager
Restrict File Uploads via .htaccess
Apache: Block PHP and other executable file uploads in the uploads directory (place this in wp-content/uploads/.htaccess).
<FilesMatch "\.(php|php3|php4|php5|phtml|pl|py|jsp|asp|sh|cgi)$">
    # Apache 2.2 directives; on Apache 2.4 without mod_access_compat use "Require all denied" instead
    Order Allow,Deny
    Deny from all
</FilesMatch>
🧯 If You Can't Patch
- Remove Subscriber registration capability or implement strong user approval processes
- Implement web application firewall rules to block suspicious file upload patterns
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Advanced File Manager for version number. If version is 5.2.10 or lower, system is vulnerable.
Check Version:
wp plugin get advanced-file-manager --field=version
Verify Fix Applied:
Verify plugin version is 5.2.11 or higher in WordPress admin panel. Test file upload functionality with non-whitelisted file types.
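The version check above is easy to get wrong in a script: comparing version strings lexicographically ranks "5.2.10" below "5.2.9". The following added example (not part of the original advisory or the plugin's code) parses the version into numeric parts before comparing against the fixed release, and optionally reads the installed version with the same wp-cli command shown above; it assumes `wp` is on PATH and that the plugin slug is `advanced-file-manager`.

```python
import re
import subprocess

# First fixed release, per the advisory above.
FIXED_VERSION = (5, 2, 11)
PLUGIN_SLUG = "advanced-file-manager"


def parse_version(version: str) -> tuple:
    """Turn '5.2.10' into (5, 2, 10).

    Numeric tuples compare correctly; plain string comparison would
    wrongly treat '5.2.10' as older than '5.2.9'.
    """
    parts = re.findall(r"\d+", version.strip())
    if not parts:
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str) -> bool:
    """True when the installed version is 5.2.10 or lower."""
    return parse_version(version) < FIXED_VERSION


def installed_version(wp_path: str = "") -> str:
    """Ask WP-CLI for the installed plugin version (same command as in the advisory).

    Assumes `wp` is on PATH; `wp_path`, if given, is the WordPress root.
    """
    cmd = ["wp", "plugin", "get", PLUGIN_SLUG, "--field=version"]
    if wp_path:
        cmd.append(f"--path={wp_path}")
    result = subprocess.run(cmd, check=True, capture_output=True, text=True)
    return result.stdout.strip()


if __name__ == "__main__":
    try:
        installed = installed_version()
    except (FileNotFoundError, subprocess.CalledProcessError) as exc:
        raise SystemExit(f"could not query WP-CLI: {exc}")
    state = "VULNERABLE (update to 5.2.11+)" if is_vulnerable(installed) else "patched"
    print(f"{PLUGIN_SLUG} {installed}: {state}")
```

Run it from the WordPress root (or pass the root via `installed_version("/var/www/html")`); the exit message states whether the installed version is below the fixed release.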
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to /wp-content/uploads/ directory
- Multiple failed upload attempts with executable extensions
- POST requests to /wp-content/plugins/advanced-file-manager/class_fma_connector.php
Network Indicators:
- HTTP POST requests with file uploads to plugin endpoint
- Traffic patterns showing uploads followed by execution attempts
SIEM Query:
source="wordpress.log" AND (uri="/wp-content/plugins/advanced-file-manager/class_fma_connector.php" OR message="File upload")
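As an added example of the log indicators above (not code from the advisory or the plugin), the script below parses access-log lines in combined format, records POSTs to the connector endpoint, and flags requests for executable file types under /wp-content/uploads/; a request for an executable from a client that earlier POSTed to the connector is rated higher, matching the "uploads followed by execution attempts" pattern. The log lines are constructed sample data, and the extension list is the one from the .htaccess rule above.

```python
import re
from collections import defaultdict

# Constructed sample lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Dec/2024:10:01:02 +0000] "POST /wp-content/plugins/advanced-file-manager/class_fma_connector.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Dec/2024:10:01:09 +0000] "GET /wp-content/uploads/2024/12/image.jpg HTTP/1.1" 200 8821 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Dec/2024:10:01:15 +0000] "GET /wp-content/uploads/2024/12/cmd.php?c=id HTTP/1.1" 200 64 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Dec/2024:10:02:00 +0000] "GET /wp-content/plugins/advanced-file-manager/class_fma_connector.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Dec/2024:10:02:30 +0000] "GET /wp-content/uploads/2024/12/report.pdf HTTP/1.1" 200 10231 "-" "Mozilla/5.0"
"""

CONNECTOR = "/wp-content/plugins/advanced-file-manager/class_fma_connector.php"
UPLOADS_PREFIX = "/wp-content/uploads/"
# Same extension list as the .htaccess rule: none of these belong under uploads/.
EXEC_EXT = re.compile(r"\.(php|php3|php4|php5|phtml|pl|py|jsp|asp|sh|cgi)$", re.IGNORECASE)

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line: str):
    """Return a dict of fields for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["uri"].split("?", 1)[0]  # drop the query string
    return rec


def analyse(log_text: str):
    """Return a list of (severity, client_ip, reason) findings, in log order."""
    findings = []
    connector_posts = defaultdict(int)  # POST count to the connector, per client
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        # A POST to the connector is normal for legitimate file-manager use,
        # so on its own it is only informational context.
        if rec["path"] == CONNECTOR and rec["method"] == "POST":
            connector_posts[rec["ip"]] += 1
            findings.append(("info", rec["ip"], "POST to file manager connector"))
        # Executables under uploads/ should never exist; escalate when the same
        # client previously hit the connector (upload followed by execution).
        if rec["path"].startswith(UPLOADS_PREFIX) and EXEC_EXT.search(rec["path"]):
            severity = "high" if connector_posts[rec["ip"]] else "medium"
            findings.append((
                severity,
                rec["ip"],
                f"executable requested under uploads/: {rec['path']} (status {rec['status']})",
            ))
    return findings


if __name__ == "__main__":
    for severity, ip, reason in analyse(SAMPLE_LOG):
        print(f"[{severity:6}] {ip:15} {reason}")
```

Feed it a real access log with `analyse(open(path).read())`; the "high" findings are the ones to correlate with the SIEM query above, and a 200 status on an executable under uploads/ means the .htaccess block is not in effect.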