CVE-2023-5105: 
WordPress vulnerability analysis and mitigation

The Frontend File Manager Plugin for WordPress (versions before 22.6) contains a vulnerability identified as CVE-2023-5105. This security flaw allows users with Editor or higher privileges to bypass the file download logic, enabling them to download sensitive files such as 'wp-config.php'. The vulnerability was discovered by Dmitrii Ignatyev from CleanTalk and was publicly disclosed on November 13, 2023 (WPScan).

The vulnerability is classified as a Path Traversal (CWE-22) issue with a CVSS v3.1 base score of 6.5 (Medium) and CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The flaw exists in the file download logic implementation, which can be exploited through the plugin's user interface. The vulnerability allows authenticated users with Editor or higher privileges to manipulate the wpfm_dir_path and wpfm_file_url parameters to access files outside the intended directory structure (NVD).

The exploitation of this vulnerability could lead to unauthorized access to sensitive files on the WordPress installation, including the wp-config.php file which contains critical database credentials and security keys. This could potentially lead to full site compromise if an attacker gains access to these sensitive configuration files (WPScan).

The vulnerability has been patched in version 22.7 of the Frontend File Manager Plugin. Site administrators are strongly advised to update to this version or later to protect against this security issue (WPScan).