CVE-2024-7031

7.5 HIGH

📋 TL;DR

This vulnerability in the File Manager Pro – Filester WordPress plugin is a missing capability check on the plugin's njt_fs_saveSettingRestrictions settings handler. Any authenticated user with permissions granted by an administrator can change the plugin's settings without being an administrator, including the list of file extensions the file manager accepts for upload. Enabling dangerous types such as .php and then uploading a webshell gives the attacker remote code execution. All WordPress sites running Filester versions up to and including 1.8.2 are affected.
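The bug class behind the TL;DR, as an added example that is not Filester's code: a WordPress AJAX settings handler that relies on a nonce alone, shown beside the hardened form that checks the manage_options capability first and allow-lists the requested extensions. The action name example_fm_save_restrictions, the option example_fm_allowed_types, the nonce name and the field names are invented for illustration.

```php
<?php
// Illustrative settings-save handler for a WordPress file-manager plugin.
// NOT Filester's code: hook, option and field names are invented to show the
// bug class behind CVE-2024-7031 (missing capability check on an AJAX
// settings action) next to the hardened form.

// --- Vulnerable pattern (shown for contrast, not hooked here) --------------
// In a real plugin this would be the function hooked to
// wp_ajax_example_fm_save_restrictions, reachable by every logged-in user via
// POST /wp-admin/admin-ajax.php?action=example_fm_save_restrictions,
// because wp_ajax_* actions carry no authorisation of their own.
function example_fm_save_restrictions_vulnerable() {
    // Only a nonce is checked. A nonce proves intent (CSRF protection),
    // not privilege: a Subscriber holding a valid nonce passes this gate.
    check_ajax_referer( 'example_fm_nonce', 'nonce' );

    // Whatever the caller sends becomes the allowed-upload list,
    // e.g. "php,phtml", after which a webshell upload is possible.
    $allowed = isset( $_POST['allowed_types'] )
        ? sanitize_text_field( wp_unslash( $_POST['allowed_types'] ) )
        : '';
    update_option( 'example_fm_allowed_types', $allowed );
    wp_send_json_success();
}

// --- Hardened pattern -------------------------------------------------------
add_action( 'wp_ajax_example_fm_save_restrictions', 'example_fm_save_restrictions_hardened' );

function example_fm_save_restrictions_hardened() {
    // 1. Authorisation first. Changing plugin settings is an administrator
    //    task; manage_options is the capability WordPress core uses for its
    //    own Settings screens. wp_send_json_error() terminates the request.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }

    // 2. CSRF protection is still required, but it is the second gate.
    check_ajax_referer( 'example_fm_nonce', 'nonce' );

    // 3. Input validation: allow-list the extensions instead of storing the
    //    submitted string verbatim. Server-executable types are refused
    //    regardless of who asks, so an admin cannot be tricked into enabling them.
    $requested  = isset( $_POST['allowed_types'] )
        ? sanitize_text_field( wp_unslash( $_POST['allowed_types'] ) )
        : '';
    $executable = array( 'php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar', 'shtml' );
    $allowed    = array();

    foreach ( array_filter( array_map( 'trim', explode( ',', strtolower( $requested ) ) ) ) as $ext ) {
        if ( ! preg_match( '/^[a-z0-9]{1,10}$/', $ext ) || in_array( $ext, $executable, true ) ) {
            wp_send_json_error( array( 'message' => "Extension '$ext' is not permitted" ), 400 );
        }
        $allowed[] = $ext;
    }

    update_option( 'example_fm_allowed_types', implode( ',', array_unique( $allowed ) ) );
    wp_send_json_success( array( 'allowed_types' => array_values( array_unique( $allowed ) ) ) );
}
```

The order matters: the capability check comes before the nonce check so that an unprivileged caller is rejected with 403 before any other processing, and the allow-list makes the setting safe even when the caller is a legitimate administrator.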

💻 Affected Systems

Products:
  • File Manager Pro – Filester WordPress plugin
Versions: All versions up to and including 1.8.2
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires an authenticated user with permissions granted by an administrator; the handler performs no capability check of its own. WordPress multisite installations are also affected.

📦 What is this software?

File Manager Pro – Filester is a WordPress plugin that adds a browser-based file manager to the WordPress dashboard, so permitted users can browse, upload, edit and delete files on the web server without FTP or shell access. Its settings control which users may use the file manager and which file extensions it accepts for upload.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain remote code execution by uploading malicious PHP files, leading to complete site compromise, data theft, and server takeover.

🟠

Likely Case

Attackers modify settings to allow PHP file uploads, then upload webshells or malware to establish persistent access.

🟢

If Mitigated

With access to Filester limited to trusted users and PHP execution denied in the directories the file manager writes to, the attacker is left with unauthorized changes to the plugin's settings and no code execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once an attacker has appropriate permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.8.3

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3129722/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'File Manager Pro – Filester' and click 'Update Now'.
4. Verify the version shown is 1.8.3 or higher.

🔧 Temporary Workarounds

Add a capability check to the vulnerable function (platform: all)

Edit wp-content/plugins/filester/includes/File_manager/FileManager.php and add the following at the start of njt_fs_saveSettingRestrictions, before line 566:

if (!current_user_can('manage_options')) { wp_die(); }

wp_die() with no arguments ends the request with an empty response, which is enough to stop the admin-ajax handler. This edit is overwritten whenever the plugin is updated or reinstalled, which is acceptable once the update is 1.8.3 or later; until then, re-apply it after any reinstall.

Temporarily disable the plugin (platform: linux, requires WP-CLI)

Deactivate Filester until it can be updated to 1.8.3:

wp plugin deactivate filester

🧯 If You Can't Patch

  • Restrict which users and roles an administrator has granted access to Filester: every such user can reach the vulnerable action, so only those who actually need the file manager should have it
  • Block the vulnerable action at the web application firewall: deny requests to /wp-admin/admin-ajax.php whose action parameter is njt_fs_saveSettingRestrictions (administrators lose the settings page until the patch is applied, nothing else)
  • Deny execution of .php files in directories that should only hold uploaded content (for example wp-content/uploads) in the web-server configuration, so a webshell that does get uploaded there cannot run
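A stopgap that needs no edit to the plugin's own files and survives plugin reinstalls, as an added example that is not part of Filester: a must-use plugin that intercepts the njt_fs_saveSettingRestrictions action on admin_init, logs every attempt with the user and source address, and returns 403 to anyone without manage_options. The file name, the log line format and the assumption that the action is dispatched through /wp-admin/admin-ajax.php (as the detection section below indicates) are this example's own.

```php
<?php
/**
 * Plugin Name: Filester settings guard (temporary)
 * Description: Blocks and logs non-administrator calls to the
 *              njt_fs_saveSettingRestrictions AJAX action until Filester is
 *              updated to 1.8.3 or later. Save as
 *              wp-content/mu-plugins/filester-settings-guard.php (create the
 *              directory if it does not exist); must-use plugins load
 *              automatically and are not touched by plugin updates.
 *
 * Added example for this advisory page, not Filester's code. The action
 * name comes from the advisory; the file name, the log format and the
 * 403 response are this example's own choices.
 */

defined( 'ABSPATH' ) || exit;

/**
 * Return the admin-ajax action of the current request, or '' if none.
 * admin-ajax.php reads $_REQUEST['action'] and dispatches it case-sensitively,
 * so it is compared exactly (sanitize_key() would lowercase it and never match).
 */
function filester_guard_current_action() {
    if ( ! isset( $_REQUEST['action'] ) ) {
        return '';
    }
    return sanitize_text_field( wp_unslash( $_REQUEST['action'] ) );
}

/**
 * Runs on admin_init, which admin-ajax.php fires before dispatching any
 * wp_ajax_{action} hook, so this executes ahead of the plugin's own handler
 * regardless of which hook or priority the plugin registered it with.
 */
function filester_guard_check_settings_request() {
    if ( ! wp_doing_ajax() ) {
        return;
    }
    if ( 'njt_fs_saveSettingRestrictions' !== filester_guard_current_action() ) {
        return;
    }

    $user = wp_get_current_user();
    $ip   = isset( $_SERVER['REMOTE_ADDR'] )
        ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) )
        : 'unknown';

    if ( current_user_can( 'manage_options' ) ) {
        // Administrators keep working; the change is still recorded for audit.
        error_log( sprintf(
            'filester-guard: settings change by admin user %d (%s) from %s',
            $user->ID, $user->user_login, $ip
        ) );
        return;
    }

    // Anyone else reaching this action is probing or exploiting CVE-2024-7031.
    error_log( sprintf(
        'filester-guard: BLOCKED njt_fs_saveSettingRestrictions by user %d (%s, roles: %s) from %s',
        $user->ID, $user->user_login, implode( ',', (array) $user->roles ), $ip
    ) );
    wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
}
add_action( 'admin_init', 'filester_guard_check_settings_request', 0 );
```

The blocked and allowed attempts land in the PHP error log (or wp-content/debug.log when WP_DEBUG_LOG is on), which gives you the plugin-side visibility that web-server access logs lack for POST bodies. Remove the file after updating to 1.8.3, or keep it for the audit trail; the guard is harmless once the plugin performs its own check.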

🔍 How to Verify

Check if Vulnerable:

Check the plugin version in the WordPress admin panel under Plugins → Installed Plugins; the site is vulnerable if Filester 1.8.2 or earlier is installed and active.

Check Version:

wp plugin get filester --field=version

Verify Fix Applied:

Verify Filester plugin version is 1.8.3 or higher

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /wp-admin/admin-ajax.php with action=njt_fs_saveSettingRestrictions from a session that is not an administrator. Web-server access logs record the query string but not the POST body, so the action is only visible there if it was sent in the URL; otherwise you need a WAF or audit log that captures request bodies, or a plugin-side hook that logs the action.
  • Changes to Filester's settings, in particular the list of permitted upload extensions, that no administrator made
  • New .php, .phtml or .phar files written through the file manager, especially into directories that should hold only static content such as wp-content/uploads

Network Indicators:

  • HTTP POST requests to admin-ajax.php whose URL or body contains 'njt_fs_saveSettingRestrictions', followed by multipart upload requests carrying .php file names from the same client

SIEM Query:

The query below is Splunk-style pseudo syntax: uri_path, uri_query and post_data are placeholder field names, and post_data only exists if your log source captures request bodies. Adjust to your schema and match the query string as well, since the action can be sent either way.

source="wordpress" AND uri_path="/wp-admin/admin-ajax.php" AND (post_data="*njt_fs_saveSettingRestrictions*" OR uri_query="*njt_fs_saveSettingRestrictions*")
