CVE-2025-14804

WordPress · WordPress Frontend File Manager Plugin

A high-severity vulnerability has been identified in the Frontend File Manager Plugin for WordPress, affecting all versions before 23.

Executive summary

Versions of the Frontend File Manager Plugin for WordPress before 23 contain a high-severity file upload flaw. An unauthenticated attacker could upload malicious files to a vulnerable site, potentially leading to complete compromise of the web server. Successful exploitation could result in data theft, website defacement, or the server being used as a foothold for further malicious activity.

Vulnerability

The vulnerability is caused by improper file validation in the plugin's file upload functionality: checks intended to prevent the upload of executable file types (e.g., .php) can be bypassed. By crafting a malicious upload request, an unauthenticated attacker could place a web shell or other script in a web-accessible directory and then execute it simply by requesting it over HTTP, achieving Remote Code Execution (RCE) as the web server or PHP-FPM user. The RCE outcome depends on the server executing scripts in the directory where the file lands; the upload bypass is a vulnerability regardless, but disabling script execution under the uploads tree (see Remediation) stops the attacker from running what they uploaded.

Business impact

This vulnerability is rated as High severity with a CVSS score of 7.7. Successful exploitation could lead to a complete compromise of the web server, posing a significant risk to the organization. Potential consequences include theft of sensitive data such as customer information or intellectual property, website defacement causing reputational damage, and the distribution of malware to site visitors. The compromised server could also be leveraged as a pivot point to launch further attacks against the internal network, leading to significant financial loss and operational disruption.

Remediation

Immediate Action: Update the Frontend File Manager Plugin to version 23 or later. If the plugin is not critical to business operations, deactivate and completely remove it to eliminate the attack surface; deactivating alone leaves the plugin's code on disk. Updating does not remove anything an attacker may already have uploaded, so after patching, review /wp-content/uploads/ and other writable web directories for script files created before the update.

Proactive Monitoring:

  • Monitor web server and application logs for POST requests to the plugin's upload endpoints, and correlate them with later GET requests for script files (.php, .phtml) under /wp-content/uploads/ from the same client. A POST followed within minutes by a successful request for a new .php file is the classic web shell pattern.
  • Implement File Integrity Monitoring (FIM) to alert on the creation of unexpected executable files (e.g., .php, .phtml, .phar) in web directories, particularly /wp-content/uploads/, where no script file should ever appear. Also inspect image or document uploads for embedded PHP open tags: a polyglot file is only harmless while script execution in that directory is disabled.
  • Analyze network traffic for unusual outbound connections from the web server, which could indicate command-and-control communication or data exfiltration.
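The log-correlation and FIM checks from the list above, written out as an added example; this is not code from the plugin, the advisory, or WordPress. It assumes the Apache/nginx "combined" access log format and, because the advisory names no endpoint, treats POSTs to admin-ajax.php, to /wp-json/ routes, or to any path containing "upload" as upload attempts (an assumption to tune to the real handler). The log lines and the files placed in the scanned directory are constructed sample data.

```python
import os
import re
import tempfile
from datetime import datetime

# Added example, not the plugin's or advisory's code; endpoint names and
# sample data below are assumptions/constructed.

# Extensions a common PHP handler setup executes. Checked at every dotted
# position of the name, so "shell.php.jpg" is caught as well as "shell.php".
EXECUTABLE_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".php8",
                   ".phtml", ".phar", ".phps", ".pht"}
UPLOADS_PREFIX = "/wp-content/uploads/"

# Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log: an upload-style POST, then the same client fetches
# a .php file under uploads five seconds later.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2025:13:55:36 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 143 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2025:13:55:41 +0000] "GET /wp-content/uploads/2025/10/cmd.php?c=id HTTP/1.1" 200 52 "-" "curl/8.0"
198.51.100.4 - - [10/Oct/2025:13:56:02 +0000] "GET /wp-content/uploads/2025/10/photo.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2025:14:10:11 +0000] "GET /wp-content/uploads/old/index.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
"""


def has_executable_ext(path):
    """True if any dotted suffix of the file name is a PHP-executable extension."""
    name = path.split("?", 1)[0].rsplit("/", 1)[-1].lower()
    return any("." + part in EXECUTABLE_EXTS for part in name.split(".")[1:])


def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
    ev["status"] = int(ev["status"])
    return ev


def looks_like_upload_post(ev):
    # Assumption: the plugin's handler sits behind admin-ajax.php, a REST
    # route, or a path containing "upload"; the advisory names no endpoint.
    p = ev["path"].lower()
    return ev["method"] == "POST" and (
        p.startswith("/wp-admin/admin-ajax.php") or p.startswith("/wp-json/")
        or "upload" in p)


def detect(lines, window_seconds=600):
    """Return (severity, ip, path, status) for script requests under uploads.
    "high" when the same client sent an upload-style POST within the window
    and the script answered 200; otherwise "medium"."""
    alerts, last_post = [], {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if looks_like_upload_post(ev):
            last_post[ev["ip"]] = ev["ts"]
            continue
        path = ev["path"].split("?", 1)[0]
        if not (path.startswith(UPLOADS_PREFIX) and has_executable_ext(path)):
            continue
        prior = last_post.get(ev["ip"])
        recent = prior is not None and 0 <= (ev["ts"] - prior).total_seconds() <= window_seconds
        severity = "high" if recent and ev["status"] == 200 else "medium"
        alerts.append((severity, ev["ip"], path, ev["status"]))
    return alerts


def scan_uploads(root):
    """FIM-style sweep of an uploads tree: flag files the server could execute
    and non-script files that carry a PHP open tag (polyglot uploads)."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if has_executable_ext(name):
                findings.append((rel, "executable extension"))
                continue
            with open(full, "rb") as fh:
                if b"<?php" in fh.read(65536):
                    findings.append((rel, "php tag in non-script file"))
    return sorted(findings)


def demo_scan():
    """Build a constructed uploads tree in a temp dir and scan it."""
    samples = {
        "2025/10/photo.jpg": b"\xff\xd8\xff\xe0JFIF",
        "2025/10/cmd.php": b"<?php system($_GET['c']); ?>",
        "2025/10/avatar.php.png": b"\x89PNG",
        "2025/10/polyglot.gif": b"GIF89a<?php eval($_POST['x']); ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return scan_uploads(root)


if __name__ == "__main__":
    print(detect(SAMPLE_LOG.splitlines()))
    print(demo_scan())
```

On the constructed log, detect() raises a high-severity alert for 203.0.113.7 (upload-style POST, then a 200 for cmd.php five seconds later) and a medium one for the 403 on old/index.php, which is worth a look but shows the server refused to serve it. In production, point detect() at a rotated access log and run scan_uploads() against the real uploads directory from cron or an inotify hook; the extension check deliberately looks at every dotted suffix, not only the last one, because some PHP handler configurations execute "name.php.jpg".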

Compensating Controls:

  • Web Application Firewall (WAF): Deploy a WAF that inspects multipart upload bodies and blocks filenames with script extensions, including double extensions such as .php.jpg and case variants, and add signatures for this exploit once they are published. Treat this as defence in depth; a WAF does not fix the validation flaw in the plugin.
  • Harden Server Permissions: Configure the web server so that nothing under /wp-content/uploads/ is executed as a script. This does not stop the upload, but it turns an uploaded web shell into an inert file and removes the RCE outcome described above.
  • Access Control: Where possible, restrict the file manager's upload functionality to trusted IP addresses at the network or web server level. If the plugin's handler is reached through a shared endpoint such as admin-ajax.php, scope the restriction to the plugin's own action or route; blocking the whole endpoint breaks unrelated site functionality.
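One way to implement the "Harden Server Permissions" control, as an added example rather than configuration shipped by the plugin or quoted in the advisory. It assumes Apache 2.4 with AllowOverride All (or at least AuthConfig) in effect for the uploads directory; the extension pattern matches PHP-style extensions at any dotted position of the name, not only the end, so "shell.php.jpg" is refused too.

```apache
# Added example, not from the plugin or the advisory. Place this .htaccess in
# wp-content/uploads/ (assumes Apache 2.4 and AllowOverride All/AuthConfig).
# Refuses to serve anything named *.php, *.php3-8, *.phtml, *.phar, *.phps,
# *.pht, including those extensions in the middle of a name (x.php.jpg).
<FilesMatch "\.ph(p[3-8]?|tml|ar|ps|t)(\.|$)">
    Require all denied
</FilesMatch>
```

Verify it is actually honoured: copy a harmless probe file containing only `<?php echo "executed";` into the uploads directory over SSH, request it over HTTP, confirm the server answers 403 (or serves it as plain text) rather than "executed", and delete the probe. If the file executes, AllowOverride is not enabled for that path and the same FilesMatch block must go into the virtual host configuration instead. nginx ignores .htaccess entirely; there, a location block covering /wp-content/uploads/ that returns 403 for the same pattern, placed before the PHP-FPM location, achieves the same effect. Avoid relying on php_flag engine off: it only works under mod_php and causes a 500 error under PHP-FPM.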

Exploitation status

Public Exploit Available: false

Analyst recommendation

Organizations running the affected Frontend File Manager Plugin should treat this as a high-priority vulnerability. Given the 7.7 severity score and the potential for full server compromise, immediate patching is strongly recommended. Although the vulnerability is not currently listed in the CISA KEV catalog, unauthenticated upload flaws in widely used WordPress plugins are prime targets for mass, automated exploitation, and the absence of a public exploit today should not be read as an absence of risk. Update all systems running the vulnerable plugin to version 23 or later without delay, and review upload directories for files that may have been placed before the update.