Description
WordPress Plugin wp-FileManager is prone to an arbitrary file disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view local files in the context of the web server process, which may aid in launching further attacks. WordPress Plugin wp-FileManager version 1.3.0 is vulnerable; other versions may also be affected.
Remediation
Update to plugin version 1.4.0 or latest
References
http://www.exploit-db.com/exploits/25440/
http://packetstormsecurity.com/files/121637/WordPress-wp-FileManager-File-Download.html
Related Vulnerabilities
WordPress Plugin Gallery-Photo Albums-Portfolio Cross-Site Scripting (1.3.47)
WordPress Plugin Maintenance Cross-Site Scripting (4.02)
WordPress Plugin Image Photo Gallery Final Tiles Grid Security Bypass (3.3.52)
WordPress Plugin Asgaros Forum Cross-Site Request Forgery (1.5.8)
WordPress Plugin Attachment Manager Arbitrary File Upload (2.1.1)