Check Point Advisories

WordPress File Manager Plugin Remote Code Execution (CVE-2020-25213)

Check Point Reference: CPAI-2020-0869
Date Published: 29 Sep 2020
Severity: Critical
Last Updated: 29 Sep 2020
Source:
Industry Reference:CVE-2020-25213
Protection Provided by:

Security Gateway
R80, R77, R75

Who is Vulnerable? WordPress File Manager Plugin prior to 6.9
Vulnerability Description A remote code execution vulnerability exists in WordPress File Manager Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.

Protection Overview

IPSDU-24457

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections and find the WordPress File Manager Plugin Remote Code Execution (CVE-2020-25213) protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  WordPress Enforcement Protection.
Attack Information:  WordPress File Manager Plugin Remote Code Execution (CVE-2020-25213)

This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO